
tl;dr

  • It's possible to tunnel Mosh over the I2P network in order to get an anonymous, stable ssh connection.
  • Once connected, the connection was reliable and kept open for hours. But when it disconnected, re-connecting was unreliable.
  • I'm sticking with Tor Hidden Services. However, if you have intermittent connectivity you might have no option other than to follow this guide.

Definitions

  • Mosh is a replacement for ssh. It's a remote terminal application that supports intermittent connectivity, allows roaming, and provides speculative local echo and line editing of user keystrokes.
  • I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
  • Mosh is UDP-based but Tor can tunnel only TCP. Hence, this experiment with I2P, which can tunnel both TCP and UDP.
That is, I2P is similar to the Tor project: it also uses onion routing (in a different way), but it doesn't have exit nodes (it's an "intranet", if you will), and it can tunnel the UDP protocol (e.g. Mosh).

How to set up Mosh-over-I2P

Install i2pd using your favorite package manager. Then start it (systemctl start i2pd) and you should be able to access the webconsole at http://localhost:7071.
Server configuration:

    # server/tunnels.conf
    [SSH]
    type = server
    # docs say this field is optional but it wouldn't work without it
    host = 127.0.0.1
    port = 22
    # these "keys" files get generated so any filename works
    keys = ssh-keys.dat

    [MOSH]
    type = udpserver
    host = 127.0.0.1
    port = 60000
    keys = mosh-keys.dat

Client configuration:

    # client/tunnels.conf
    [SSH]
    type = client
    host = 127.0.0.1
    # some local port you have available for the tunnel
    port = 7622
    # you get this from the I2P webconsole (points to the server's SSH tunnel set above)
    destination = <hash>.b32.i2p
    destinationport = 22
    keys = ssh-out.dat

    [MOSH]
    type = udpclient
    # also get this from the I2P webconsole (points to the server's MOSH tunnel)
    destination = <hash>.b32.i2p
    host = 127.0.0.1
    port = 60000

Now restart i2pd on both sides (systemctl restart i2pd), then on the client you should be able to run:
$ mosh --ssh="ssh -p 7622" -p 60000 --experimental-remote-ip=local root
It works sometimes and sometimes it doesn't. When it works, it works well. But when the initial connection fails, then it's hard to get it to work again.

Comparison

  • ssh-over-tor vs
  • ssh-over-i2p vs
  • mosh-over-i2p
I've tried running some tests with sshping but none of the three options had a connection stable enough to be able to actually run all tests. Hence, I experimented with having these three options running htop -d 1 overnight.
My empirical results:

| | first connection | intermittent connectivity | screen resizes | overnight connection | difficulty to set up |
|---|---|---|---|---|---|
| ssh-over-tor | reliable | disconnects | fast | passed | medium |
| ssh-over-i2p | reliable | disconnects | slow | disconnected | hard |
| mosh-over-i2p | inconsistent | works | fastest | passed | harder |

Conclusion:

I'm sticking with Tor Hidden Services for now.
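
An added example (not part of the original post and not i2pd code): a small Python linter for the two tunnels.conf files from the setup section. It checks that the tunnel ports line up with the `mosh --ssh="ssh -p 7622" -p 60000` command and flags leftover `<hash>` placeholders and trailing comments. It assumes the config reader honours only full-line comments; the function names, finding messages and sample destinations are constructed for illustration.

```python
import configparser

def load(text):
    # Default ConfigParser keeps a trailing "# ..." inside the value, like an INI
    # reader that only honours full-line comments (assumed here for i2pd).
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def tunnels(cp, side, findings):
    """Map tunnel type -> port, recording per-key problems along the way."""
    ports = {}
    for name in cp.sections():
        sec = cp[name]
        for key, val in sec.items():
            if "#" in val:
                findings.append(f"{side} [{name}] {key}: trailing comment is part of the value")
        if "<" in sec.get("destination", ""):
            findings.append(f"{side} [{name}] destination: placeholder not replaced")
        bare = lambda k: sec.get(k, "").split("#")[0].strip()
        ports[bare("type")] = int(bare("port")) if bare("port").isdigit() else None
    return ports

def lint(server_conf, client_conf, ssh_port, mosh_port):
    """Check both tunnels.conf files against `mosh --ssh="ssh -p N" -p M`."""
    findings = []
    srv = tunnels(load(server_conf), "server", findings)
    cli = tunnels(load(client_conf), "client", findings)
    for s_type, c_type in (("server", "client"), ("udpserver", "udpclient")):
        if (s_type in srv) != (c_type in cli):
            findings.append(f"{s_type}/{c_type}: tunnel defined on one side only")
    if cli.get("client") != ssh_port:
        findings.append(f"ssh -p {ssh_port} does not match the client tunnel port")
    if not (srv.get("udpserver") == cli.get("udpclient") == mosh_port):
        findings.append(f"mosh -p {mosh_port} must equal the udpserver and udpclient ports")
    return findings

# Constructed sample input; the destinations are made-up names, not real addresses.
SERVER = ("[SSH]\ntype = server\nhost = 127.0.0.1\nport = 22\nkeys = ssh-keys.dat\n"
          "[MOSH]\ntype = udpserver\nhost = 127.0.0.1\nport = 60000\nkeys = mosh-keys.dat\n")
CLIENT = ("[SSH]\ntype = client\nport = 7622\ndestination = example-ssh.b32.i2p\n"
          "destinationport = 22\n[MOSH]\ntype = udpclient\nport = 60000\n"
          "destination = example-mosh.b32.i2p\n")
# Same client file with three typical slips: inline comment, leftover <hash>, wrong UDP port.
BROKEN = (CLIENT.replace("port = 7622", "port = 7622 # local port")
                .replace("example-ssh", "<hash>").replace("port = 60000", "port = 60001"))
if __name__ == "__main__":
    for finding in lint(SERVER, BROKEN, ssh_port=7622, mosh_port=60000):
        print(finding)
```

The UDP check reflects how the command above fits together: mosh-server binds the port given with `-p` on the server, and with `--experimental-remote-ip=local` the client sends to that same port on its own loopback tunnel endpoint.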
Great write up! I hadn't heard of Mosh, but like many of us, am extremely dependent and fond of SSH. I would call it the most pervasive keypair identity system on the net (hopefully only to be usurped by Bitcoin). I can see the benefit of SSH being connectionless.
I also haven't used i2p yet, so it's nice to read more material on it.
reply
Too bad, would have been good to know why. High latency terminals are painful and Mosh solves that.
Eternal Terminal is another option which might work with Tor (TCP) but it's much more so an alternative to autossh than Mosh, as it lacks the latency related functionality.
reply