diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix
index b3aa55e189a..359fe23e0ec 100644
--- a/nixos/modules/programs/mosh.nix
+++ b/nixos/modules/programs/mosh.nix
@@ -16,10 +16,28 @@ in
 default = false;
 type = lib.types.bool;
 };
+ withUtempter = mkOption {
+ description = ''
+ Whether to enable libutempter for mosh.
+ This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
+ Note, this will add a guid wrapper for the group utmp!
+ '';
+ default = true;
+ type = lib.types.bool;
+ };
 };
 config = mkIf cfg.enable {
 environment.systemPackages = with pkgs; [ mosh ];
 networking.firewall.allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
+ security.wrappers = mkIf cfg.withUtempter {
+ utempter = {
+ source = "${pkgs.libutempter}/lib/utempter/utempter";
+ owner = "nobody";
+ group = "utmp";
+ setuid = false;
+ setgid = true;
+ };
+ };
 };
 }
diff --git a/pkgs/development/libraries/libutempter/default.nix b/pkgs/development/libraries/libutempter/default.nix
index d54c82ae7f2..f9703e3c593 100644
--- a/pkgs/development/libraries/libutempter/default.nix
+++ b/pkgs/development/libraries/libutempter/default.nix
@@ -13,11 +13,13 @@ stdenv.mkDerivation rec {
 buildInputs = [ glib ];
+ patches = [ ./exec_path.patch ];
+
 prePatch = ''
 substituteInPlace Makefile --replace 2711 0711
 '';
- installFlags = [
+ makeFlags = [
 "libdir=\${out}/lib"
 "libexecdir=\${out}/lib"
 "includedir=\${out}/include"
@@ -26,6 +28,10 @@ stdenv.mkDerivation rec {
 meta = {
 description = "Interface for terminal emulators such as screen and xterm to record user sessions to utmp and wtmp files";
+ longDescription = ''
+ The bundled utempter binary must be able to run as a user belonging to group utmp.
+ On NixOS systems, this can be achieved by creating a setguid wrapper.
+ '';
 license = licenses.lgpl21Plus;
 platforms = platforms.linux;
 maintainers = [ maintainers.msteen ];
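Review bot: `withUtempter` is declared with `default = true;`, so any host that already sets `programs.mosh.enable` gains a setgid-`utmp` wrapper named `utempter` on its next rebuild without opting in; for a new privileged binary `default = false;`, or at least a release-note entry, would be the more conservative choice. The wrapper is created with `owner = "nobody";`, an account that unrelated unprivileged services tend to share, so `owner = "root";` looks like the tighter setting unless something depends on the current one. The description should name what gets installed: "guid wrapper" reads as a typo, e.g. `Note, this will add a setgid wrapper for the group utmp!`, and the `longDescription` added in libutempter/default.nix has the same slip ("setguid").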
diff --git a/pkgs/development/libraries/libutempter/exec_path.patch b/pkgs/development/libraries/libutempter/exec_path.patch
new file mode 100644
index 00000000000..bd5f56611ef
--- /dev/null
+++ b/pkgs/development/libraries/libutempter/exec_path.patch
@@ -0,0 +1,25 @@
+diff -ur libutempter-1.1.6/iface.c libutempter-1.1.6.patched/iface.c
+--- libutempter-1.1.6/iface.c 2010-11-04 18:14:53.000000000 +0100
++++ libutempter-1.1.6.patched/iface.c 2018-06-06 15:09:11.417755549 +0200
+@@ -60,9 +60,9 @@
+ _exit(EXIT_FAILURE);
+ }
+
+- execv(path, argv);
++ execvp(path, argv);
+ #ifdef UTEMPTER_DEBUG
+- fprintf(stderr, "libutempter: execv: %s\n", strerror(errno));
++ fprintf(stderr, "libutempter: execvp: %s\n", strerror(errno));
+ #endif
+
+ while (EACCES == errno)
+@@ -79,7 +79,7 @@
+ if (setgid(sgid))
+ break;
+
+- (void) execv(path, argv);
++ (void) execvp(path, argv);
+ break;
+ }
+
+Only in libutempter-1.1.6.patched: result
diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix
index fb94b750e1d..1a208681072 100644
--- a/pkgs/tools/networking/mosh/default.nix
+++ b/pkgs/tools/networking/mosh/default.nix
@@ -1,5 +1,6 @@
-{ stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig, IOTty
-, makeWrapper, perl, openssl, autoreconfHook, openssh, bash-completion }:
+{ lib, stdenv, fetchurl, zlib, protobuf, ncurses, pkgconfig, IOTty
+, makeWrapper, perl, openssl, autoreconfHook, openssh, bash-completion
+, libutempter ? null, withUtempter ? stdenv.isLinux }:
 stdenv.mkDerivation rec {
 name = "mosh-1.3.2";
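Review bot: Replacing both `execv` calls with `execvp` changes helper lookup for every consumer of this libutempter build, not only mosh: whenever the helper path contains no slash it is now resolved through the calling process's `PATH`. The second call sits in the `EACCES` retry after `setgid(sgid)`, which appears to exist for callers that hold a saved group ID, and that is where an environment-controlled search is least desirable. Keeping `execv` and having the caller pass an absolute helper path would preserve the original guarantee; if `execvp` stays, the patch should carry a header comment saying that only a bare name set through `utempter_set_helper` triggers the search. The trailing `Only in libutempter-1.1.6.patched: result` line is leftover `diff -ur` output and should be dropped from the patch file.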
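Review bot: `libutempter ? null` together with `withUtempter ? stdenv.isLinux` allows a caller to end up with `withUtempter = true` and no library, which in the second hunk of this file places `null` in `buildInputs` while `--with-utempter` is still passed to configure. An `assert withUtempter -> libutempter != null;` before `stdenv.mkDerivation` would turn that into an immediate evaluation error rather than a late configure failure. The derivation body continues outside this hunk.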
@@ -10,15 +11,15 @@ stdenv.mkDerivation rec {
 };
 nativeBuildInputs = [ autoreconfHook pkgconfig ];
- buildInputs = [ protobuf ncurses zlib IOTty makeWrapper perl openssl bash-completion ];
+ buildInputs = [ protobuf ncurses zlib IOTty makeWrapper perl openssl bash-completion ] ++ lib.optional withUtempter libutempter;
- patches = [ ./ssh_path.patch ];
+ patches = [ ./ssh_path.patch ./utempter_path.patch ];
 postPatch = ''
 substituteInPlace scripts/mosh.pl \
 --subst-var-by ssh "${openssh}/bin/ssh"
 '';
- configureFlags = [ "--enable-completion" ];
+ configureFlags = [ "--enable-completion" ] ++ lib.optional withUtempter "--with-utempter";
 postInstall = ''
 wrapProgram $out/bin/mosh --prefix PERL5LIB : $PERL5LIB
diff --git a/pkgs/tools/networking/mosh/utempter_path.patch b/pkgs/tools/networking/mosh/utempter_path.patch
new file mode 100644
index 00000000000..a981708ffad
--- /dev/null
+++ b/pkgs/tools/networking/mosh/utempter_path.patch
@@ -0,0 +1,14 @@
+diff -ur mosh-1.3.2/src/frontend/mosh-server.cc mosh-1.3.2.patched/src/frontend/mosh-server.cc
+--- mosh-1.3.2/src/frontend/mosh-server.cc 2017-07-22 23:14:53.000000000 +0200
++++ mosh-1.3.2.patched/src/frontend/mosh-server.cc 2018-06-06 10:45:50.725352804 +0200
+@@ -351,6 +351,10 @@
+ }
+ }
+
++#ifdef HAVE_UTEMPTER
++ utempter_set_helper( "utempter" );
++#endif
++
+ try {
+ return run_server( desired_ip, desired_port, command_path, command_argv, colors, verbose, with_motd );
+ } catch ( const Network::NetworkException &e ) {
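Review bot: `utempter_set_helper( "utempter" );` hands libutempter a bare name, so which binary ends up writing the utmp record depends on the `PATH` that mosh-server inherits at run time rather than on anything fixed at build time. Where the NixOS wrapper is absent (the module's `withUtempter` is off, or the package is used outside NixOS) the lookup presumably fails or resolves to an unrelated `utempter`, and the session is then silently missing from utmp. A comment above the call should record the expectation, for example `/* bare name: resolved via PATH to the setgid wrapper from nixos/modules/programs/mosh.nix */`, and substituting an absolute wrapper path at build time would remove the dependence on the environment. The enclosing function starts and ends outside the hunk.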