Hacker News

Replacing SSH with a custom protocol sounds quite scary

Is it as secure as regular SSH when configured properly?



https://news.ycombinator.com/item?id=10220080

Here's a conversation on HN about it. Mosh uses an initial SSH connection to establish a session, and I located elsewhere that the communication thereafter is handled via AES-128 encrypted UDP traffic. The server process itself seems to only live the life of the session, and doesn't require escalated permissions.

I can't imagine enterprise or government adding it to their stacks, but for connecting to personal stuff it doesn't really seem like a big risk.


You still authenticate and kick off the Mosh session via SSH, so it shouldn't be any worse than plain SSH.

> Mosh doesn't listen on network ports or authenticate users. The mosh client logs in to the server via SSH, and users present the same credentials (e.g., password, public key) as before. Then Mosh runs the mosh-server remotely and connects to it over UDP.


> Mosh doesn't listen on network ports

...

> ... Then Mosh runs the mosh-server remotely and connects to it over UDP.

Are UDP sockets immune from port scanning? Regardless of the answer to that, the sentence should be rewritten because it sounds like nonsense as is.



