Using Mosh with Zscaler: How to Keep UDP Connections Alive

Packets drop. The SSH session freezes. Your work halts mid-command. You switch networks, but the connection hangs. This is where Mosh changes everything — and where Zscaler complicates it.

Mosh (Mobile Shell) keeps terminal sessions alive even when IPs change, networks bounce, or latency spikes. Unlike SSH, it uses UDP and a predictive model to render text instantly. Zscaler, as a cloud security proxy, intercepts and filters traffic. The friction comes when Mosh tries to fire UDP packets through Zscaler’s secure tunnels.

Most Zscaler deployments handle TCP cleanly but block or rewrite UDP. Mosh's default UDP ports, often 60000–61000, can fail under this interference. Because Mosh logs in over SSH (TCP) and only then switches to UDP, the login can succeed while the session itself drops or refuses to start. The fix requires shaping both ends:

  • Confirm Zscaler policy allows outbound UDP from client to server.
  • Open the exact port range Mosh uses.
  • Whitelist host addresses for direct UDP routing.
  • Disable SSL Inspection for Mosh connections to prevent handshake disruption.

On locked-down corporate networks, Zscaler admins may need to create app-specific rules. Where inbound rules are tight, shift Mosh to a single port and reflect that in firewall and server config. Test connectivity with mosh-server manually before relying on automated scripts.
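The manual single-port test described above, as an added example that is not part of the original post: it parses the `MOSH CONNECT <port> <key>` line that `mosh-server new -p 60001` prints on the server, refuses any port outside the approved UDP range, and prints the matching `mosh-client` command for the client side. The port 60001, the address 192.0.2.10, the sample output and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Approved UDP range (assumption: set to what Zscaler and the firewall permit).
ALLOWED_LO=60001
ALLOWED_HI=60001

# Constructed sample of what `mosh-server new -p 60001` prints on the server.
# The key is a made-up placeholder, not a real session key.
SAMPLE_OUTPUT='
MOSH CONNECT 60001 CONSTRUCTEDKEY00000000

mosh-server (mosh 1.4.0) [build mosh 1.4.0]'

# Print "<port> <key>" from mosh-server output on stdin; fail if absent.
parse_mosh_connect() {
    awk '$1 == "MOSH" && $2 == "CONNECT" && NF >= 4 && $3 ~ /^[0-9]+$/ {
             print $3, $4; found = 1; exit
         }
         END { exit (found ? 0 : 1) }'
}

# Succeed only if the port is numeric and inside the approved range.
port_in_policy() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$ALLOWED_LO" ] && [ "$1" -le "$ALLOWED_HI" ]
}

# Read mosh-server output on stdin, take the server address as $1, and print
# the client command for the manual test. Refuses ports outside policy.
client_command() {
    parsed=$(parse_mosh_connect) || { echo "no MOSH CONNECT line" >&2; return 1; }
    port=${parsed%% *}
    key=${parsed#* }
    port_in_policy "$port" || { echo "port $port outside approved range" >&2; return 2; }
    # MOSH_KEY is a session secret; mosh-client reads it from the
    # environment rather than from its argument list.
    printf 'MOSH_KEY=%s mosh-client %s %s\n' "$key" "$1" "$port"
}

# Demo on the constructed sample; 192.0.2.10 is a documentation address.
printf '%s\n' "$SAMPLE_OUTPUT" | client_command 192.0.2.10
```

If the printed command connects but the session never becomes responsive, the UDP path for that one port is the thing to check in Zscaler and firewall policy, since the TCP login has already been taken out of the picture.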

Combining Mosh and Zscaler means balancing low-latency mobility with secure perimeter enforcement. Done right, you get instant keystroke feedback and resilient long-lived sessions without punching dangerous holes in policy.
