Pages

Sunday, 1 February 2026

tsshd

 tsshd: a udp server that supports connection migration for roaming, keeping ssh sesseion alive even if the network is disconnected for a long time. 

tsshd - tssh udp server that supports connection migration for roaming

MIT License GitHub Release 中文文档

trzsz-ssh ( tssh ) with tsshd supports intermittent connectivity, allows roaming, and can be used on high-latency links such as cellular data connections, unstable Wi-Fi, etc.

It aims to provide complete compatibility with openssh, mirroring all its features, while also offering additional useful features not found in the openssh client, plus:

  • Keeps the session alive if the client goes to sleep and wakes up later, or temporarily loses its connection.

  • Allows the client to "roam" and change IP addresses, switching between any networks, while keeping alive.

Comparison

tsshd was inspired by mosh, and the tsshd works like mosh-server, while the tssh --udp works like mosh.

Feature mosh ( mosh-server ) tssh ( tsshd )
Low Latency ?? KCP
Keep Alive
Client Roaming
Local Echo & Line Editing Not Planned
Multi Platform / Windows mosh#293
SSH X11 Forwarding mosh#41
SSH Agent Forwarding mosh#120
SSH Port Forwarding mosh#337
Output Scrollback mosh#122
OSC52 Sequence mosh#637
ProxyJump mosh#970
tmux -CC Integration mosh#1078

tssh and tsshd works exactly like ssh, there are no plans to support local echo and line editing, and will not have the mosh issues: mosh#1041, mosh#1281, mosh#1295, etc.

How to use

  1. Install tssh on the client ( your local machine ).

  2. Install tsshd on the server ( the remote host ).

  3. Use tssh --udp xxx to log in (latency-sensitive users can specify --kcp option). Or configure as follows in ~/.ssh/config to omit --udp or --kcp option:

    Host xxx
    #!! UdpMode Yes/QUIC/KCP

How it works

  • The tssh plays the role of ssh on the client side, and the tsshd plays the role of sshd on the server side.

  • The tssh will first login to the server normally as an ssh client, and then run a new tsshd process on the server.

  • The tsshd process listens on a random udp port between 61001 and 61999 (can be customized by TsshdPort), and sends its port number and some secret keys back to the tssh process over the ssh channel. The ssh connection is then shut down, and the tssh process communicates with the tsshd process over udp.

Reconnection

┌───────────────────────┐                ┌───────────────────────┐
│                       │                │                       │
│    tssh (process)     │                │    tsshd (process)    │
│                       │                │                       │
│ ┌───────────────────┐ │                │ ┌───────────────────┐ │
│ │                   │ │                │ │                   │ │
│ │  KCP/QUIC Client  │ │                │ │  KCP/QUIC Server  │ │
│ │                   │ │                │ │                   │ │
│ └───────┬───▲───────┘ │                │ └───────┬───▲───────┘ │
│         │   │         │                │         │   │         │
│         │   │         │                │         │   │         │
│ ┌───────▼───┴───────┐ │                │ ┌───────▼───┴───────┐ │
│ │                   ├─┼────────────────┼─►                   │ │
│ │   Client  Proxy   │ │                │ │   Server  Proxy   │ │
│ │                   ◄─┼────────────────┼─┤                   │ │
│ └───────────────────┘ │                │ └───────────────────┘ │
└───────────────────────┘                └───────────────────────┘

  • The client KCP/QUIC Client and Client Proxy are on the same machine and in the same process, and the connection between them will not be interrupted.

  • The server KCP/QUIC Server and Server Proxy are on the same machine and in the same process, and the connection between them will not be interrupted.

  • If the client doesn't receive a heartbeat from the server for a period of time, it might be due to network changes causing the original connection to be interrupted. In this case, the Client Proxy will re-establish a connection to the Server Proxy, and communicate through the new connection after successful authentication. From the perspective of the KCP/QUIC Client and the KCP/QUIC Server, the connection is never interrupted.

Security

  • The KCP/QUIC Server listens only on the localhost at 127.0.0.1, and accepts only one connection. Once the Server Proxy in the same process successfully connects, all other connections will be rejected.

  • The Client Proxy listens only on the localhost at 127.0.0.1, and accepts only one connection. Once the KCP/QUIC Client in the same process successfully connects, all other connections will be rejected.

  • The Server Proxy only forwards packets from the unique and authenticated Client Proxy. The Client Proxy can change its IP address and port, but once a new Client Proxy is authenticated, the Server Proxy will only forward packets from the new Client Proxy, ignoring the old Client Proxy address.

  • The Client Proxy connects for the first time or reconnects to the Server Proxy after changing its IP address and port, it needs to send an authentication message (encrypted using the AES-GCM-256 algorithm, with a one-time key randomly generated by the server, which is sent to the client via the SSH tunnel during login). After the Server Proxy successfully decrypts the authentication message (without tampering), it verifies that whether the client ID matches the expectations and whether the sequence number is greater than the sequence number in all previous authentication messages. If so, it marks the client address as an authenticated address and sends an authentication confirmation message (encrypted using the AES-GCM-256 algorithm) to the client. After the Client Proxy receives the authentication confirmation message from the Server Proxy and decrypts it successfully (without tampering), it verifies the server ID and the sequence number. If they match the expectations, it starts communicating with the Server Proxy using the new address, forwarding messages from the local process KCP/QUIC Client to the Server Proxy. The Server Proxy then forwards the messages to the local process KCP/QUIC Server service.

  • The KCP/QUIC Client and the KCP/QUIC Server use the open-source KCP / QUIC protocols, and use encrypted transmission (the key is a one-time key randomly generated by the server, which is sent to the client via the SSH tunnel during login).

Configurations

Host xxx
    #!! UdpMode Yes
    #!! TsshdPort 61001-61999
    #!! TsshdPath ~/go/bin/tsshd
    #!! UdpAliveTimeout 86400
    #!! UdpHeartbeatTimeout 3
    #!! UdpReconnectTimeout 15
    #!! ShowNotificationOnTop yes
    #!! ShowFullNotifications yes
    #!! UdpProxyMode UDP

  • UdpMode: No (the default: tssh works in TCP mode), Yes (default protocol: QUIC), QUIC (QUIC protocol: faster speed), KCP (KCP protocol: lower latency).

  • TsshdPort: Specifies the port range that tsshd listens on, default is [61001, 61999]. You can specify multiple discrete ports (e.g., 6022,7022) or multiple discrete ranges (e.g., 8010-8020,9020-9030,10080); tsshd will randomly choose an available port. You can also specify the port on the command line using --tsshd-port.

  • TsshdPath: Specifies the path to the tsshd binary on the server, lookup in $PATH if not configured. You can also specify the path on the command line using --tsshd-path.

  • UdpAliveTimeout: If the disconnection lasts longer than UdpAliveTimeout in seconds, tssh and tsshd will both exit, and no longer support reconnection. The default is 86400 seconds.

  • UdpHeartbeatTimeout: If the disconnection lasts longer than UdpHeartbeatTimeout in seconds, tssh will try to reconnect to the server by a new path. The default is 3 seconds.

  • UdpReconnectTimeout: If the disconnection lasts longer than UdpReconnectTimeout in seconds, tssh will display a notification indicating that the connection has been lost. The default is 15 seconds.

  • ShowNotificationOnTop: Whether the connection loss notification is displayed on the top. The default is yes, which may overwrite some of the previous output. Set it to No to display notifications on the current line of the cursor.

  • ShowFullNotifications: Whether to display the full notifications or a brief notification. The default is yes, which may output several lines to the screen. Set it to No will output only one line.

  • UdpProxyMode: The default transport protocol is UDP. If UDP traffic is blocked by firewalls in your network environment, you can set it to TCP to work around the restriction, though this may introduce additional latency.

Installation

  • Install with Go ( Requires go 1.25 or later )

    go install github.com/trzsz/tsshd/cmd/tsshd@latest
     The binaries are usually located in ~/go/bin/ ( C:\Users\your_name\go\bin\ on Windows ).
    from  https://github.com/trzsz/tsshd

    • ------------------------------------------------------------

     

    trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the openssh client. It aims to provide complete compatibility with openssh, mirroring all its features, while also offering additional useful features. Such as login prompt, batch login, remember password, automated interaction, trzsz, zmodem(rz/sz), udp mode like mosh, etc.

    trzsz.github.io/ssh
     
     

    trzsz-ssh ( tssh ) - an ssh client alternative that meets your needs

    MIT License GitHub Release WebSite 中文文档

    trzsz-ssh ( tssh ) is an ssh client designed as a drop-in replacement for the openssh client. It aims to provide complete compatibility with openssh, mirroring all its features, while also offering additional useful features not found in the openssh client.

    trzsz-ssh ( tssh ) with tsshd also supports intermittent connectivity, allows roaming, and can be used on high-latency links such as cellular data connections, unstable Wi-Fi, etc.

    Basic Features

    trzsz-ssh ( tssh ) works exactly like the openssh client. The following common features have been implemented:

    Features Support Options
    Cipher -c Ciphers
    Pseudo TTY -t -T RequestTTY
    SSH Proxy -J -W ProxyJump ProxyCommand
    Network -4 -6 AddressFamily ConnectTimeout
    Multiplexing ControlMaster ControlPath ControlPersist
    Command -s RemoteCommand LocalCommand PermitLocalCommand
    Known Hosts UserKnownHostsFile GlobalKnownHostsFile StrictHostKeyChecking
    SSH Agent -a -A ForwardAgent IdentityAgent IdentitiesOnly SSH_AUTH_SOCK
    Basic Login -l -p -i -F HostName Port User IdentityFile SendEnv SetEnv
    X11 Forward -x -X -Y ForwardX11 ForwardX11Trusted ForwardX11Timeout XAuthLocation
    Authentication PubkeyAuthentication PasswordAuthentication KbdInteractiveAuthentication GSSAPIAuthentication
    Port Forward -g -f -N -L -R -D LocalForward RemoteForward DynamicForward GatewayPorts ClearAllForwardings
    Others EscapeChar

    Extra Features

    trzsz-ssh ( tssh ) offers additional useful features:

    English 中文
    Login Prompt 登录界面
    Custom Theme 主题风格
    Trzsz ( trz / tsz ) 支持 trz tsz
    Zmodem ( rz / sz ) 支持 rz sz
    Support scp sftp 支持 scp sftp
    Batch Login 批量登录
    Group Labels 分组标签
    Automated Interaction 自动交互
    Remember Password 记住密码
    Custom Configuration 个性配置
    Comments of Config 配置注释
    Wayland Integration Wayland 集成
    Clipboard Integration 剪贴板集成
    SSH Console SSH 控制台
    Other Features 其他功能
    UDP Mode ( mosh ) UDP 模式 ( mosh )

    Installation

     Install with Go ( Requires go 1.25 or later )

    go install github.com/trzsz/trzsz-ssh/cmd/tssh@latest
     The binaries are usually located in ~/go/bin/ ( C:\Users\your_name\go\bin\ on Windows ).
    from  https://github.com/trzsz/trzsz-ssh/
     
    at

    No comments:

    Post a Comment