Q. How do I reuse the same ssh connection to speed up the remote login procedure with the OpenSSH client?
A. You can restrict or reuse a connection to a remote server using the controlmaster directive. To enable the sharing of multiple sessions over a single network connection, add controlmaster after the host directive. When set to yes, the ssh client will listen for connections on a control socket specified using the ControlPath argument. These sessions will try to reuse the master instance’s network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening.
WARNING! These examples require OpenSSH version 4.0 or higher.
Open the ~/.ssh/config file (ssh client configuration file). If you need system wide settings, add them to the /etc/ssh/ssh_config file:
$ vi ~/.ssh/config
Append the following code to reuse the ssh connection for all hosts:
host *
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
Where,
- controlmaster auto: Set controlmaster to auto
- controlpath /tmp/ssh-%r@%h:%p: Specify the path to the control socket used for connection sharing. In the path, %h will be substituted by the target host name, %p by the port, and %r by the remote login username. It is recommended that any ControlPath used for opportunistic connection sharing include at least %h, %p, and %r. This ensures that shared connections are uniquely identified.
You can also match any host in the 192.168.0.[0-9] network range with the following pattern:
Host 192.168.0.?
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
For any host in the ".co.in" set of domains, reuse the connection:
Host *.co.in
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
Save and close the file. Now connect as usual,
$ ssh vivek@vpn.nixcraft.co.in
The next time you connect, it will use the connection socket /tmp/ssh-vivek@vpn.nixcraft.co.in:22 to speed things up. You don't have to input a password or anything else. You need one connection to be active for the second to be accelerated. This also works with scp / sftp etc:
$ scp /path/to/file.txt vivek@vpn.nixcraft.co.in:/tmp
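An added check, not part of the original article: ssh_config(5) recommends that a ControlPath include %h, %p and %r (or %C) and sit in a directory that other users cannot write to, which /tmp does not satisfy. The script below lints ControlPath templates for both conditions; the function names and the ~/.ssh/cm directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint ControlPath templates from an ssh client config.
# Checks (1) the %r/%h/%p tokens the article recommends, or %C, which
# hashes them, and (2) that the socket directory is not writable by others.

audit_controlpath() {
    tmpl=$1
    rc=0
    case $tmpl in
        *%C*) ;;                          # %C already covers host, port and user
        *)  for tok in %r %h %p; do
                case $tmpl in
                    *"$tok"*) ;;
                    *) echo "FINDING: $tmpl lacks $tok"; rc=1 ;;
                esac
            done ;;
    esac
    # Expand a leading ~/ the way ssh does, then inspect the socket directory.
    case $tmpl in
        "~/"*) tmpl="$HOME/${tmpl#??}" ;;
    esac
    dir=$(dirname "$tmpl")
    if [ -d "$dir" ]; then
        # 9th character of the ls mode string is the "other" write bit;
        # -L follows a symlinked directory to its target.
        other_w=$(ls -ldL "$dir" | cut -c9)
        if [ "$other_w" = "w" ]; then
            echo "FINDING: $dir is writable by other users"; rc=1
        fi
    else
        echo "NOTE: $dir does not exist yet (create it with mode 0700)"
    fi
    return $rc
}

# Audit every ControlPath line in a config file; keywords are case-insensitive.
audit_ssh_config() {
    bad=0
    for t in $(awk 'tolower($1) == "controlpath" { print $2 }' "$1"); do
        audit_controlpath "$t" || bad=1
    done
    return $bad
}

# The article's template next to a per-user directory (assumed name).
audit_controlpath '/tmp/ssh-%r@%h:%p' || true
audit_controlpath '~/.ssh/cm/%r@%h:%p' || true
```

After sourcing the script, run audit_ssh_config ~/.ssh/config; a non-zero return means at least one ControlPath produced a finding.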
A note about X11, ssh-agent and port forwarding
Please note that X11 and ssh-agent forwarding are supported over these multiplexed connections; however, the display and agent forwarded will be the ones belonging to the master connection, i.e. it is not possible to forward multiple displays or agents. However, you can create a new session as follows for port forwarding:
$ ssh -M -S /tmp/3001.port.forwording -L 3001:localhost:3001 -N -f vivek@vpn.nixcraft.co.in
Further readings:
- man pages ssh and ssh_config
9 comments:
Wow, that is indeed a good trick! Never heard of these configuration variables.
Works on Mac OS X 10.5.4, the only remark;
- I have the options set for no host, so your ~/.ssh/config could just be like this:
ControlMaster auto
ControlPath /tmp/ssh-%r@%h:%p
- The manpage suggests to use the variables with different capitalization. See example above.
Regards and thanks for the great trick, indeed fast!
Robert de Bock.
I’m concerned about security. Is there any security issue with re-using ssh connections?
Thanks
The ONLY drawback I’ve found to this is that because all subsequent SSH requests to the same host share the TCP connection, doing a bulk SCP will slow down the responsiveness of the interactive sessions. It’s not a problem most of the time.
Why doesn’t it work in my cygwin?
The error is:
$ ssh sunjingwei@relay01
ssh_msg_recv: read: header
muxclient: msg_recv
Thank you very much.
$ ssh -fNM eta
$ ssh eta ls
mm_receive_fd: no message header
muxserver_accept_control: failed to receive fd 0 from slave
ssh_msg_recv: read: header
muxclient: msg_recv
FYI, ssh manpages recommend storing the socket in a private location to prevent other users from using the same socket.
As for the cygwin error, my research so far indicates that this is due to passing around a file descriptor… https://bugzilla.mindrot.org/show_bug.cgi?id=1278
You’re the greatest! JMHO
Hi,
Does it work on Windows?
My config file looks like:
Host xxxx.xxxxx.xx
HostName xxxx.xxxxx.xx
Port YY
User xyz
IdentityFile C:\Users\x\.ssh\id_rsa
ControlMaster auto
ControlPath C:\Users\x\.ssh\ssh-%r@%h%p
But I have to enter the password every time when connecting to the host :(
This is unreal!
Connections to EC2 instances took ~6 seconds to negotiate a connection.
I’m using Chef-Solo and the multiple stages involved in deploying code such as rsync, scp, remote ssh commands, were being dragged down by this connection.
You have made my day!