How do people here feel about mosh to the wide internet? We provide SSH, and use both normal secure passwords and duo for all logins. We've had a few more inquiries about using mosh recently, and looking at it, the big concerns I'd have are potentially the firewall rules (is it outgoing or incoming high port?) and the long lasting authentication across IPs and network connections. On unmanaged collaborator or partner devices this seems like a kind of hole if the device is compromised or stolen, where the session can live for "a long time".
However, I tend to believe them that their AES session keys make it pretty unlikely to be hijacked just over the net. Is there any consensus?
Mosh is not more secure than SSH: it uses SSH to initiate connections, so this is the upper bound.¹ Mosh's UDP protocol has not been given the same security attention as SSH's, though. As such, I'm willing to use it over the open internet for private stuff, but not for business use cases.
¹ I know mosh authors write «In one concrete respect, the Mosh protocol is more secure than SSH's: SSH relies on unauthenticated TCP to carry the contents of the secure stream.», but this refers to the UDP stream after the connection is initiated. If there is a security hole in SSH, it's pretty likely the attacker could take advantage of it during the connection initiation process. Mosh authors do acknowledge this in the subsequent paragraph: «However, in typical usage, Mosh relies on SSH to exchange keys at the beginning of a session, so Mosh will inherit the weaknesses of SSH—at least insofar as they affect the brief SSH session that is used to set up a long-running Mosh session.»