guardian-agent VS mosh

Compare guardian-agent vs mosh and see what are their differences.

guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH (by StanfordSNR)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
guardian-agent mosh
5 2
431 42
0.0% -
0.0 0.0
8 months ago 7 months ago
Go C++
BSD 3-clause "New" or "Revised" License GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

guardian-agent

Posts with mentions or reviews of guardian-agent. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-18.
  • The pitfalls of using SSH-agent, or how to use an agent safely
    3 projects | news.ycombinator.com | 18 Sep 2021
    ObPlug for Guardian Agent, which is basically "safe" ssh-agent forwarding (and works with Mosh and SSH): https://github.com/StanfordSNR/guardian-agent

    The basic story is that ssh-agent really just exposes a primitive of "please sign this challenge," which is useful locally, but the protocol wasn't designed to be forwarded. If requests are coming from a semi-trusted intermediary host, the protocol doesn't tell the agent (a) what remote server is being authenticated to [i.e., who generated the challenge?], or (b) what command is going to be executed. It doesn't even really know (c) what (semi-trusted) host has forwarded the challenge?

    Guardian Agent is a sort of hack that allows the agent to know (a), (b), and (c) before deciding whether to grant or deny the request, and you can set up policies like, "I'd like to allow `jump host x` to use to run "git pull" when talking to `git server y`, but that's it." The basic ssh-agent protocol just doesn't have enough info to be able to do something like that.

  • Mosh: The Mobile Shell
    15 projects | news.ycombinator.com | 11 Aug 2021
    Re: Unicode, please see https://news.ycombinator.com/item?id=28151652. (Mosh really just uses your C library for knowing the width of characters -- if the server's and client's libc support a character, Mosh will too. Unfortunately Apple in particular has historically been not super-great about keeping theirs up-to-date once Unicode went to an annual release cycle. screen and tmux have similar issues and basically ship their own Unicode tables, which has its own problems.)

    For ssh-agent forwarding, most people are using https://github.com/StanfordSNR/guardian-agent which is more secure than traditional agent forwarding, and works with SSH or Mosh.

    15 projects | news.ycombinator.com | 11 Aug 2021
    there is a fork with port forwarding support https://github.com/rinne/mosh and a PR with a long discussion https://github.com/mobile-shell/mosh/pull/696 on why it's not merged

    you can compile them yourself or if you want to skip the step I recently set up GitHub actions to compile linux binaries of this [1][2], tested by a sample of 1 so no guarantees it works, was planning on doing a tap PR/tap of it at some point

    also the official developers have been involved a project to solve this while improving the whole-agent approval things also https://github.com/StanfordSNR/guardian-agent , but I couldn't get it to work which is why I tried the fork and got that working

    [1] https://github.com/gnyman/mosh/actions/runs/1068715036

  • AskReddit: is there such a thing as async SSH that allows for zero latency typing? (explanation in text)
    2 projects | /r/commandline | 13 Mar 2021
    ‘mosh’ is amazing for this, although I had to stop using it years ago because it didn’t support key forwarding. Apparently, there’s now a solution for that: https://github.com/StanfordSNR/guardian-agent

mosh

Posts with mentions or reviews of mosh. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-08-11.

What are some alternatives?

When comparing guardian-agent and mosh you can also consider the following projects:

Mosh - Mobile Shell

DomTerm - DOM/JavaScript-based terminal-emulator/console

openssh-portable - Portable OpenSSH

muxile - Putting tmux on your mobile - Muxile is a tmux plugin that lets you control a running tmux session with your phone, no app needed.

mac-ssh-confirm - Protect against SSH Agent Hijacking on Mac OS X with the ability to confirm agent identities prior to each use

widecharwidth - public domain wcwidth implementation

ssh-agent - GitHub Action to setup `ssh-agent` with a private key