
Bastion Host Replacement: Mosh

Secure remote access has always been a cornerstone of operations for software engineers and infrastructure teams. Bastion hosts are a near-universal solution for this, acting as a controlled gateway to private networks. However, they introduce their own set of issues—latency, session drops, and complicated SSH configuration. Enter Mosh: a modern alternative that tackles these problems head-on while simplifying infrastructure.

This blog post will explain how Mosh provides a smarter and faster alternative to bastion hosts.


Common Challenges with Bastion Hosts

Bastion hosts have long been the go-to option for securely bridging the gap between public and private networks. While they work, they present challenges:

1. Session Stability

SSH sessions through a bastion often drop when the network is unreliable. Losing connection and starting over can disrupt productivity.

2. Complex Configuration

Setting up a bastion host requires managing key access, user accounts, firewall rules, and sometimes multiple SSH configuration tweaks. Scaling and maintaining this layer adds operational overhead.

3. Latency Overhead

By design, bastion hosts introduce a small but noticeable delay due to the intermediate step. When you’re troubleshooting under pressure, even milliseconds feel like a roadblock.

Mosh—short for "Mobile Shell"—was designed to address these frustrations. Instead of making remote access more complicated, it simplifies it while increasing resilience.

Why Mosh is a Game-Changer

Mosh replaces SSH in use cases requiring session persistence and low-latency access. Unlike a traditional bastion setup, Mosh fundamentally changes how the remote shell works.

1. Session Continuity Across Networks

One of Mosh’s standout features is its ability to keep your session active even if your IP changes. This is critical for engineers on unstable networks or those switching from one connection type to another (e.g., Wi-Fi to cellular). Bastion hosts can’t handle this automatically without significant custom scripting or tooling.

2. Optimized Latency

Mosh uses UDP instead of TCP, making it faster in high-latency environments. Typing feels instantaneous, even when the underlying connection is lagging. With a bastion, every keystroke might have a delay due to TCP’s overhead.

3. Reduced Configuration Complexity

Mosh doesn’t require as extensive a setup as a bastion host. Once installed and configured on both ends, you won’t need to juggle multiple SSH hops or tweak intricate configurations. It just works.


How Mosh Works

Mosh establishes a secure session using SSH for the initial handshake, but after that, it transitions to UDP. Here’s a simplified view of its workflow:

  1. Handshake Initiation
     • The user initiates an SSH session to a Mosh server.
     • Authentication and initial setup occur in the SSH phase.
  2. Transition to UDP
     • Mosh shifts the connection to a lightweight UDP protocol. This step provides a more resilient communication path.
  3. Continuous Sync
     • Instead of buffering entire outputs as SSH does, Mosh synchronizes only the visible changes in the terminal state. This minimizes delays in each interaction.
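
The roaming described under "Session Continuity Across Networks" and the UDP phase above rest on one rule: the server re-targets its replies only when an authentic datagram with a newer sequence number arrives, so the session key, not the source IP, identifies the client. The sketch below is an added example, not Mosh's code; it models that rule with HMAC-SHA256 standing in for Mosh's AES-128-OCB, and the class, function names, datagram layout and addresses are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; stand-in for Mosh's AES-128-OCB


def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Datagram layout (constructed): 8-byte sequence number | payload | tag."""
    body = struct.pack("!Q", seq) + payload
    return body + _tag(key, body)


class RoamingServer:
    """Hypothetical model of the server's reply-address tracking."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0   # lowest sequence number that may move the peer
        self.peer = None    # (ip, port) that replies are sent to

    def receive(self, datagram: bytes, source: tuple) -> str:
        if len(datagram) < 8 + TAG_LEN:
            return "malformed"
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return "bad tag"            # forged or wrong key: source is ignored
        (seq,) = struct.unpack("!Q", body[:8])
        if seq < self.next_seq:
            return "stale"              # authentic but old: never re-targets
        self.next_seq = seq + 1
        self.peer = source              # roam: follow the authenticated sender
        return "retarget"


def demo():
    key = os.urandom(16)  # constructed key; Mosh hands its key over via SSH
    wifi, lte, other = ("198.51.100.7", 50000), ("203.0.113.9", 41000), ("192.0.2.66", 6666)
    srv = RoamingServer(key)
    first = seal(key, 0, b"a")
    out = [srv.receive(first, wifi),                           # session starts
           srv.receive(seal(key, 1, b"b"), lte),               # client changed network
           srv.receive(first, other),                          # replay from elsewhere
           srv.receive(seal(os.urandom(16), 2, b"x"), other)]  # wrong key
    return out, srv.peer
```

Because replies follow the authenticated source, the server's UDP port (by default in the 60000 to 61000 range) has to be reachable directly from clients, which is a firewall decision an SSH-only bastion does not require.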

Use Cases for Mosh Over Bastion Hosts

Mosh is an excellent replacement for bastion host setups in several scenarios, including:

  • Mobile Engineering Teams: For engineers working from various network types (e.g., 4G, Wi-Fi, or hotspots), Mosh is more reliable than SSH bastions.
  • Latency-Sensitive Workflows: Debugging live production systems or time-critical operations benefit significantly from the instantaneous feedback Mosh offers.
  • Simplifying Overall Architecture: Consolidate away from complex bastion infrastructures that require regular updates and configurations.

Where Does Hoop.dev Fit In?

While Mosh reduces the need for bastion hosts, key-based configurations and SSH setup still require initial investment. Hoop.dev provides an even simpler alternative. With Hoop.dev, you eliminate the need for managing SSH configs and key rotations entirely. In just minutes, you can adopt a modern, developer-friendly approach tailored to your team’s needs—which is why it's worth exploring.

Test-drive Hoop.dev today to see how you can streamline your accessibility stack efficiently. Sync up in minutes 😊.
