Had a bit of a head scratcher as to why my brew installed mosh-server wasn’t working on my macOS Sonoma instance. Turns out, when mosh-server runs, ps ends up showing the symlinked path. Thus, it was just a matter of just finding the actual binary and letting it through the firewall. Ended up scripting the following:

#!/usr/bin/env bash
MOSH_OUTGOING_VERSION=$(brew list mosh --versions | awk '{print $2}')

brew update && brew upgrade mosh && brew cleanup

MOSH_INCOMING_VERSION=$(brew list mosh --versions | awk '{print $2}')

if [ $MOSH_OUTGOING_VERSION != $MOSH_INCOMING_VERSION ]; then
    MOSH_BREW_SYMLINK=$(which mosh-server)
    ACTUAL_PATH=$(readlink -f $MOSH_BREW_SYMLINK)
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add $ACTUAL_PATH
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp $ACTUAL_PATH
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
fi