https://mosh.org/#faq:~:text=Q%3A%20What%20is%20Mosh%27s%20s...
The cryptography is standard AES-128 in OCB3 mode. It's been around long enough, and has had enough security scrutiny to at least discover a few minor DoS vulnerabilities, that it isn't entirely unreviewed.
For the cipher itself, see https://en.wikipedia.org/wiki/OCB_mode#Attacks
WireGuard[1] might help here, at least with network issues. It's literally designed to be able to keep a connection even when moving from one network to another ("roaming").
And as a side-benefit, if your SSH daemon only listens on the WireGuard interface, that's another layer of defense you get for free (not to mention you'll stop getting noise in your logs).
Ironically though, here you actually need to know about `~.` because if the remote host actually goes down, WG will keep trying to contact the remote peer for some time; this is the same behavior that allows you to keep a connection open even when roaming, but seen from the other side.
[1]: https://www.wireguard.com/
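
An added example, not part of the comment above: a check that an `sshd_config` binds only to addresses inside the WireGuard subnet, which is what "only listens on the WireGuard interface" comes down to. The subnet `10.8.0.0/24`, the sample configs and the function names are assumptions made for this example.

```python
import ipaddress

# Assumption: 10.8.0.0/24 is the WireGuard subnet; both configs are constructed samples.
WG_SUBNET = ipaddress.ip_network("10.8.0.0/24")
EXPOSED = "Port 22\nListenAddress 0.0.0.0\nListenAddress [::]:22\n"
WG_ONLY = "Port 22\nListenAddress 10.8.0.1:22  # wg0 address\n"


def listen_addresses(config_text):
    """Return the host part of every ListenAddress directive in sshd_config text."""
    hosts = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].lower() != "listenaddress":
            continue
        value = parts[1]
        if value.startswith("["):        # [addr]:port or [addr]
            host = value[1:].split("]", 1)[0]
        elif value.count(":") == 1:      # addr:port (IPv4 or hostname)
            host = value.split(":", 1)[0]
        else:                            # bare IPv4, bare IPv6 or hostname
            host = value
        hosts.append(host)
    return hosts


def outside_wireguard(config_text, subnet=WG_SUBNET):
    """List listen addresses that fall outside the WireGuard subnet."""
    hosts = listen_addresses(config_text)
    if not hosts:
        # With no ListenAddress, sshd listens on all local addresses.
        return ["*"]
    bad = []
    for host in hosts:
        try:
            inside = ipaddress.ip_address(host) in subnet
        except ValueError:               # hostname: cannot be resolved offline
            inside = False
        if not inside:
            bad.append(host)
    return bad


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("wg-only", WG_ONLY)):
        print(name, outside_wireguard(text) or "only WireGuard addresses")
```

An empty result means every configured listen address is inside the WireGuard subnet; hostnames are reported because they cannot be verified without resolution.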