I'm having to completely disable the macOS firewall to allow the UDP connections to connect to it as a mosh-server. I tried to add mosh-server / mosh to the "Allow incoming connections" list, but it didn't work. Is there some other way to punch a hole in the macOS firewall for the required ports?
What version of macOS?
As a Mosh developer, it's been a while since I had to do this, but I think a good way to handle this is to do mosh localhost on the Mac involved, while you're at the console. Then you can click on the macOS firewall dialog to approve mosh-server permanently.
We should test and document that, maybe.
Oh, please forget I said any of that. It's all wrong. Sorry.
Just after I finished the last comment, I remembered I do have a Mac here. No, it doesn't work that way, and yes, I had the firewall turned off.
Yeah, this is an insurmountable problem for me too. Every once in awhile I can get it to work, but it never works for long. I have to disable the firewall for reliable mosh connections. I'm using Little Snitch instead now, but I'm not 100% confident that that's a good replacement for the built-in firewall (and even it's developer says it's intended more as a complement to it).
Any solution?
Bump on this - would really like to use mosh without turning off the entire firewall.
Mee to.
Does the process outlined here not work for you? http://www.chriskrycho.com/2017/set-up-mosh-on-macos.html
Did everything in that guide, including tampering with my router to forward the ports. It didn't work for me.
@jeremy-w No, it does not. It will sometimes work for a short time, but very quickly stops working again. I was consistently unable to mosh into my Mac after doing this and several other variations of it. The only permanent fix is to disable the macOS firewall altogether.
@eminence For me: macOS 10.13.3, but every version I've tried prior to this one exhibited the same behavior.
I'm seeing the same issues, also on macOS 10.13.3.
Does the process outlined here not work for you? http://www.chriskrycho.com/2017/set-up-mosh-on-macos.html
I got this to work for a few minutes but unclear why and repeating the same steps has not allowed me to connect.
I was having the same problem adding mosh-server through the firewall GUI, but adding mosh-server through the CLI worked for me.
# i recommend setting up the following alias first
alias firepower='sudo /usr/libexec/ApplicationFirewall/socketfilterfw'
# temporarily shut firewall off
firepower --setglobalstate off
# add symlinked location to firewall
firepower --add $(which mosh-server)
firepower --unblockapp $(which mosh-server)
# add homebrew location to firewall
firepower --add $(brew --prefix)/Cellar/mosh/1.3.2_2/bin/mosh-server
firepower --unblockapp $(brew --prefix)/Cellar/mosh/1.3.2_2/bin/mosh-server
# re-enable firewall
firepower --setglobalstate on
Worked like a charm for me.
Just a heads up in case it helps. In this Knowledge Base for Blink seems like people has been successful with mosh-server configuration for OSX.
@jschwrtz you're awesome.
Since it seems that the FW wants the un-aliased path to mosh-server, I guess that means you'll have to fix this after every upgrade. š Here's a little bash function for that:
fix_mosh_server() {
local fw='/usr/libexec/ApplicationFirewall/socketfilterfw'
local mosh_sym="$(which mosh-server)"
local mosh_abs="$(greadlink -f $mosh_sym)"
sudo "$fw" --setglobalstate off
sudo "$fw" --add "$mosh_sym"
sudo "$fw" --unblockapp "$mosh_sym"
sudo "$fw" --add "$mosh_abs"
sudo "$fw" --unblockapp "$mosh_abs"
sudo "$fw" --setglobalstate on
}
@adamyonk an excellent idea!
I already created a LaunchDaemon for my previous script, just to ensure mosh is available on every boot. This is the perfect upgrade to that script -- set and forget.
Jeremy W. Sherman
http://jeremywsherman.com/
On Feb 26, 2018, at 11:44, Adam Jahnke notifications@github.com wrote:
Since it seems that the FW wants the un-aliased path to mosh-server, I guess that means you'll have to fix this after every upgrade. š Here's a little bash function for that:
fix_mosh_server() {
local fw='/usr/libexec/ApplicationFirewall/socketfilterfw'
local mosh_sym="$(which mosh-server)"
local mosh_abs="$(greadlink -f $mosh_sym)"sudo "$fw" --setglobalstate off
sudo "$fw" --add "$mosh_sym"
sudo "$fw" --unblockapp "$mosh_sym"
sudo "$fw" --add "$mosh_abs"
sudo "$fw" --unblockapp "$mosh_abs"
sudo "$fw" --setglobalstate on
}
ā
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
@jeremy-w I think it's necessary to reload the config. The whole thing takes less than 500 ms.
Jeremy W. Sherman
http://jeremywsherman.com/
On Feb 26, 2018, at 12:42, Adam Jahnke notifications@github.com wrote:
@jeremy-w I think it's necessary to reload the config. The whole thing takes less than 500 ms.
ā
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
I added a gist with @adamyonk's fix_mosh_server function in a script, a LaunchDaemon plist to load it on startup, and an install.sh to put it all in the right places.
it does the trick for me.
adamyonk's function worked for me on
Darwin Chadwicks-MBP.hsd1.co.comcast.net 17.4.0 Darwin Kernel Version 17.4.0: Sun Dec 17 09:19:54 PST 2017; root:xnu-4570.41.2~1/RELEASE_X86_64 x86_64 i386 MacBookPro14,3 Darwin
One more note.
If you want you imac never go to sleep
sudo systemsetup -setcomputersleep Never
@JayTheMarketer This gist is dead now. Can you update it? (I can't find it in your gist page)
Many thanks.
I found the gist here.
I found the gist here.
I also used the mentioned gist but I have this issue in system.log:
com.apple.xpc.launchd[1] (com.mosh): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Do you know what is happening?
I found the gist here.
I also used the mentioned gist but I have this issue in system.log:
com.apple.xpc.launchd[1] (com.mosh): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.Do you know what is happening?
No, sorry. I do not know.
On Mojave this worked for me:
https://github.com/blinksh/blink/issues/11#issuecomment-258649402
note that as I had installed mosh with brew so I had to run:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/bin/mosh-server
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/local/Cellar/mosh/1.3.2_10/bin/mosh-server
You can see the full path after issuing the --add command by
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
On Mojave this worked for me:
blinksh/blink#11 (comment)note that as I had installed
moshwith brew so I had to run:sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/bin/mosh-server sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/local/Cellar/mosh/1.3.2_10/bin/mosh-serverYou can see the full path after issuing the
--addcommand bysudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
Ah the --listapps helped me a lot. I was running these commands a few times in a row and somehow macOS just inserted them in the firewall configuration. I removed (--remove /path/to/app) all the instances and re-added with the script. Now seems to work.
There is a macOS bug that makes this no longer work:
https://developer.apple.com/forums/thread/666222
It seems it has been solved in the beta builds.
(Just putting this here for future reference.)
Most helpful comment
I was having the same problem adding mosh-server through the firewall GUI, but adding mosh-server through the CLI worked for me.
Worked like a charm for me.