In my previous post on SSH multiplexing, I gave the following to
add to your ~/.ssh/config file without explaining what it actually means:
Host * ControlMaster auto ControlPath ~/.ssh/connections/%r_%h_%p
The documentation for ~/.ssh/config can be found at
ssh_config(5). Four options are relevant to this post:
Host- The
configfile is broken up in to sections based on which hosts the configuration options apply to.Host *means these options apply to all connections. If you wanted the options to apply only when connecting toexample.com, you could change that line toHost example.com. - Actually, you can also limit configuration options by things other
than just the host using the
Matchdirective. For example, this configuration has options for connecting with the usernamegit, presumably due to having multiplegitservers that use that username. ControlMaster- Tells
sshto use multiplexing. Specifically, the default isno, which means it will look for an already open master connection. To actually open a master connection,yesoraskcan be used, the latter means that a password prompt will appear when connecting to that master connection. The more useful options for a config file are theautoandautoaskoptions which will use an already open connection if exists, but fall back to acting likeyesandaskrespectively otherwise. ControlPath- In order to connect to the master connection,
sshneeds a way to communicate with it. This is handled by the master creating aUnix socketwhich futuresshinstances look for. Unix sockets are an IPC mechanism which allows two processes on the same machine to communicate via a connection initiated by one process creating a socket identified by a filename and another using that special file to connect. In comparison with TCP, every server needs its own port number that the client needs to know and any client can connect as long as it knows the port number. - Unix sockets are identified by filenames and
ControlPathspecifies the filename to use for the socket The%r,%h,%pparts mean the filename should include the remote username, hostname, and port number in order to identify whichsshsession is which. - This should usually be enough, but if your home
directory is shared among multiple computers, as is common in some
university and other large organization setups, then you will also
need
%lto identify which host you are connecting from. Otherwisesshmay get confused by master connections created by a different host. Luckily,sshprovides a shortcut, which is the%Coption which is a hash of all 4 (although it is not available on older versions ofssh):ControlPath ~/.ssh/connections/%C -
or, if you are a disto which does not have
%Cyet like the latest Ubuntu LTS:ControlPath ~/.ssh/connections/%L_%h_%p_%r -
I used
%Lfor the short version of the local hostname (for example, if%lisfoo.example.com,%Lwould be justfoo) because when I used%l, my system complained the filename was too long. -
Keep in mind that the socket file is security critical because it is used to piggyback on your existing
sshsessions without authenticating (unless you use theaskorautoaskoptions forControlMaster), so make sure your~/.ssh/connections/directory is readable only by you:chmod 700 ~/.ssh/connections ControlPersist- Not used above, the
ControlPersistoption lets you control when the master connection actually closed. When set tono, it closes with the initial connect. When set toyesit stays open until explicitly closed withssh -O exit. It can also be set to a length of time to stay open after the last connection is closed. - While the default of
ControlPersistis not clearly stated in the documentation, I checked the source code to confirm it does default tono: the default value is set to 0 here if it is still set to its initial value of -1, which is the same value it is given if the configuration file says
.no