by Piskvorrr 1912 days ago
Sure, it looks easy to memorize. There's one thing I'm probably misunderstanding:

it seems to me that the connection has no identification, authentication or authorization whatsoever (as these are the parts that Mosh offloaded to SSH, by design): if you know the port, you're in.

What am I missing?

Edit: ok, I see, you need to also input the MOSH_MALLET_HMAC_KEY and MOSH_MALLET_CCRYPT_KEY into the client. That...helps. Are they static, though?

1 comments

I memorized it. I really don't want to install a client even though I wrote one. I wanted the protocol to be simpler so the lazy client would be simpler but I realize it needs to check for request forgery.

Authentication is by preshared keys and the client prompts for them or you can set environment variables. The preshared keys are static, yes.

Ah, okay. I was horrified that it's only secured by the port number, but that was just my inability to read :D

This sure looks useful, nice!