The problem
If you are making a lot of SSH connections, starting each connection can add noticeable overhead. Even worse, a firewall might start blocking the connections, as many SSH connections from the same source look a lot like an attacker trying to guess a password, as one of my officemates discovered recently.
The solution
SSH has a feature called multiplexing, which is described in this blog post, along with a few other useful SSH tips. Here's the relevant excerpt:
In a shell:

    $ mkdir -p ~/.ssh/connections
    $ chmod 700 ~/.ssh/connections

Add this to your ~/.ssh/config file:

    Host *
    ControlMaster auto
    ControlPath ~/.ssh/connections/%r_%h_%p
The details
While ssh is often used as just a secure version of telnet, it's actually closer to being a VPN system, supporting many channels of communication over the same encrypted link, which is how port forwarding over SSH is implemented.
Normally SSH makes a connection and opens a single channel for the terminal. Multiplexing merely means keeping that connection open for additional terminal channels. The settings described tell SSH to keep track of open connections in ~/.ssh/connections/ and automatically reuse an open connection whenever possible.
The firewall
The firewall that caused this post to get written was keeping track of how many new SSH connections were made to a host and only allowed a maximum of 3 new connections each minute. As the firewall was not paying attention to whether the connections were accepted, my officemate's script, which performed multiple copies and remote commands, was getting blocked.
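The rate limit described above, modelled as an added example (not code from the original post): a limiter that allows 3 new connections per minute, replayed against a constructed script with and without connection reuse keyed on the %r_%h_%p ControlPath. The host, user names and source address are made up, and the model assumes the first connection stays open as the master for the whole run (for example a session left open, or OpenSSH's ControlPersist option, which the post does not cover).

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds; the post's firewall counted per minute
MAX_NEW = 3      # "a maximum of 3 new connections each minute"

class NewConnectionLimiter:
    """Counts new TCP connections per (source, destination), accepted or not."""
    def __init__(self, limit=MAX_NEW, window=WINDOW):
        self.limit, self.window = limit, window
        self.recent = defaultdict(deque)   # (source, dest) -> times of new connections

    def allow(self, source, dest, now):
        times = self.recent[(source, dest)]
        while times and now - times[0] >= self.window:
            times.popleft()                # drop attempts older than the window
        if len(times) >= self.limit:
            return False                   # assumption: dropped attempts are not counted
        times.append(now)
        return True

def run_script(commands, multiplex, source="198.51.100.7"):
    """Replay (time, user, host, port) ssh/scp calls and return each outcome."""
    firewall = NewConnectionLimiter()
    masters = set()                        # stands in for sockets in ~/.ssh/connections/
    outcomes = []
    for now, user, host, port in commands:
        control_path = f"{user}_{host}_{port}"      # ControlPath %r_%h_%p
        if multiplex and control_path in masters:
            outcomes.append("reused")      # new channel, no new TCP connection
        elif firewall.allow(source, host, now):
            outcomes.append("connected")
            if multiplex:
                masters.add(control_path)  # assumption: master stays open afterwards
        else:
            outcomes.append("blocked")
    return outcomes

# Constructed sample: a script's ssh/scp calls two seconds apart, one as another user.
HOST = "build.example.org"
SCRIPT = [(t, "alice", HOST, 22) for t in (0, 2, 4, 6, 8)]
SCRIPT += [(10, "deploy", HOST, 22), (70, "alice", HOST, 22)]

if __name__ == "__main__":
    for mode in (False, True):
        print("multiplexed" if mode else "one connection per command", run_script(SCRIPT, mode))
```

The second user in the sample needs its own master connection because the ControlPath includes the remote user, so it still counts once against the limit.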