One wrong keystroke, and the session dropped. Hours of work gone. You reconnect, but the firewall locks you out. This is why Identity-Aware Proxy for Mosh changes everything.
Mosh was built for reliable, low-latency remote shells that survive shaky connections. But Mosh alone doesn't know who you are. Without strong identity at the network edge, you risk opening a powerful hole in your infrastructure. Identity-Aware Proxy, or IAP, puts identity first—enforcing who can connect before any packet reaches the target.
Identity-Aware Proxy Mosh blends the resilience of Mosh with zero-trust access control. It binds user authentication to every connection while keeping Mosh’s roaming and instant-typing features intact. Even when you move between networks, IP addresses change, or connections drop, you stay connected without losing the security gate. Credentials are checked before the handshake completes, blocking unauthorized shells entirely.
Setup is straightforward. The proxy sits in front of your Mosh servers, validating sessions against your identity provider—Okta, Google Workspace, Azure AD, or any OIDC-compliant service. It supports granular rules. You can grant access per user, per group, or per environment. Specific roles can connect to dev, but not prod. Connections are logged, audited, and revocable in seconds.
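The per-group, per-environment decision described above can be sketched as follows. This is an added example, not Hoop.dev's code or configuration: the policy table, the `groups` claim name, and every function name are assumptions, and the token's signature is assumed to have been verified against the identity provider before `authorize` is called.

```python
import time

# Hypothetical policy: IdP group -> environments that group may reach.
POLICY = {
    "developers": {"dev"},
    "sre": {"dev", "prod"},
}
REVOKED_SUBJECTS = set()   # subjects whose access has been revoked
AUDIT_LOG = []             # every decision is recorded, allow or deny


def revoke(subject):
    """Revoke a user; takes effect on the next session attempt."""
    REVOKED_SUBJECTS.add(subject)


def authorize(claims, environment, now=None):
    """Return True only if verified OIDC claims grant this environment.

    Deny is the default: a missing subject, an expired token, a revoked
    user, or no matching group all end in a refusal.
    """
    now = time.time() if now is None else now
    sub = claims.get("sub")
    groups = claims.get("groups")          # assumed custom claim name
    if not isinstance(groups, list):
        groups = []
    if not sub:
        allowed, reason = False, "missing subject"
    elif claims.get("exp", 0) <= now:
        allowed, reason = False, "token expired"
    elif sub in REVOKED_SUBJECTS:
        allowed, reason = False, "revoked"
    else:
        reachable = set()
        for group in groups:
            reachable |= POLICY.get(group, set())
        allowed = environment in reachable
        reason = "group grants environment" if allowed else "no group grants environment"
    AUDIT_LOG.append({"time": now, "sub": sub, "env": environment,
                      "allowed": allowed, "reason": reason})
    return allowed


if __name__ == "__main__":
    # Constructed sample claims, not captured from a real IdP.
    alice = {"sub": "alice@example.com", "groups": ["developers"], "exp": 2000}
    print(authorize(alice, "dev", now=1000), authorize(alice, "prod", now=1000))
```

The proxy would run this check before it lets the Mosh session start, so a denied user never reaches the target host.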
For workloads that require both uptime and airtight access, this approach is a leap forward. No lingering SSH keys. No risky VPN tunnels left open overnight. No blind trust in a list of IP addresses. Just a modern authentication flow, enforced every time someone starts a session.
Developers can keep their fast edit-test cycles. Ops can breathe easier knowing all traffic is identity-bound. Security teams gain both visibility and control without slowing anyone down. Combining IAP with Mosh removes the old trade-off between speed and safety.
You can see Identity-Aware Proxy Mosh in action right now. Hoop.dev makes it possible to set it up and run live in minutes—safe, fast, and ready for real work.