Mosh opt-out mechanisms

The Mosh protocol keeps SSH-like sessions alive across network changes, using its own state sync layer over UDP. This makes it resilient. It also makes it persistent in ways that catch some engineers off guard. When a process still talks even after a network reset, you need control. That control comes from Mosh opt-out mechanisms.

Mosh opt-out mechanisms are the settings, flags, and configuration options that prevent Mosh from running or force it to terminate early. The most direct option is to bypass mosh entirely and use plain ssh. This is not only manual but also effective when testing session behavior without persistent state.

For system-wide restrictions, an administrator can block UDP ports used by Mosh, usually in the 6000–6100 range. This cuts the wire at the network layer. Scripts can wrap typical login workflows and intercept calls to mosh, replacing them with secure shell commands or denying execution outright. On managed environments, configuration management tools can remove Mosh from the install list, ensuring endpoints cannot initiate sessions.

User-level opt-out can be achieved by setting environment variables or aliases in shell profiles that override mosh calls. Binding mosh to a harmless command or a fail message helps prevent accidental usage. Developers working on custom tools can add a toggle to remove Mosh connection attempts during specific workflows.

Granular control matters. Persistent connections are useful, but they are not always correct for the job. Clear opt-out mechanisms let you decide when Mosh runs and when it doesn’t, without guesswork or hidden state.

If you want to see how fine-grained connection control can work without hours of setup, try it with hoop.dev and see it live in minutes.