OpenBSD Journal

Software Spotlight: OpenSSH

Contributed by todd on from the when-you-just-want-an-example dept.

Back when OpenSSH 4.2 was released, the first item mentioned under bugfixes and improvements was about the ControlMaster=auto/autoask option having been added to support opportunistic multiplexing. Aside from being a mouthful, you might wonder what this means.

By adding this to my $HOME/.ssh/config file:

     Host *
             ControlPath ~/.ssh/ctl-%r-%h-%p
             ControlMaster auto

.. I ssh to a machine named 'eclipse' in one xterm on my laptop:

     todd@blue/p7 4126$ ssh eclipse
     todd@eclipse's password: 
     Last login: Wed Sep 14 11:46:00 2005 from blue.isp.fries.net
     OpenBSD 3.8 (GENERIC) #130: Mon Aug 29 11:40:56 MDT 2005

     todd@eclipse/p0 1$

So far, nothing is different. Or is it? Back on my laptop, I see this new file created:

     todd@blue/p8 3966$ ls -l $HOME/.ssh/ctl-todd-eclipse-22 
     srw-------  1 todd  todd  0 Sep 14 23:18 /u/todd/.ssh/ctl-todd-eclipse-22=
     todd@blue/p8 3967$ 

This is a 'socket', denoted by the 's' at the far left of the ls listing. With this, subsequent ssh connections to eclipse from my laptop will use the socket and reuse the existing connection instead of establishing a new one:

     todd@blue/p8 3967$ ssh -v eclipse
     OpenSSH_4.1, OpenSSL 0.9.7g 11 Apr 2005
     debug1: Reading configuration data /u/todd/.ssh/config
     debug1: Applying options for *
     debug1: Reading configuration data /etc/ssh/ssh_config
     debug1: auto-mux: Trying existing master
     Last login: Wed Sep 14 23:17:03 2005 from blue.wfi.fries.net
     OpenBSD 3.8 (GENERIC) #130: Mon Aug 29 11:40:56 MDT 2005

     todd@eclipse/p1 1$ 

This has really saved me a lot of time since I started using this new functionality. If you are a regular user of ssh on a unix system, I suspect it will save you time as well!

Disclaimer: Only available via Protocol 2, limit of 10 connections per socket.
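
With ControlMaster auto, any process that can connect to the control socket gets a session on the remote host without authenticating again, which is why the listing above shows the socket as srw-------. The check below is an added example, not part of the original article or of OpenSSH: it verifies that every entry using the article's ctl- prefix is an owner-only socket in a directory others cannot write to (the function name and the prefix default are assumptions for the illustration).

```python
import os
import stat
import sys
from pathlib import Path


def audit_control_sockets(directory, prefix="ctl-"):
    """Return (path, problem) findings for ControlMaster sockets in directory.

    An empty list means every socket found is reachable only by its owner.
    The prefix matches the article's ControlPath (~/.ssh/ctl-%r-%h-%p).
    """
    directory = Path(directory)
    uid = os.getuid()
    findings = []

    # Whoever can write to the directory can replace or pre-create the socket.
    dst = directory.stat()
    if dst.st_uid != uid:
        findings.append((str(directory), "directory not owned by current user"))
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((str(directory), "directory writable by group/other"))

    for entry in sorted(directory.iterdir()):
        if not entry.name.startswith(prefix):
            continue
        st = entry.lstat()  # lstat: do not follow a symlink planted at the path
        if not stat.S_ISSOCK(st.st_mode):
            findings.append((str(entry), "not a socket"))
            continue
        if st.st_uid != uid:
            findings.append((str(entry), "socket owned by another user"))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((str(entry), "socket accessible by group/other"))
    return findings


if __name__ == "__main__":
    # Default to the directory used by the article's ControlPath.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".ssh"
    problems = audit_control_sockets(target)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run with no arguments it inspects ~/.ssh and exits non-zero if anything is reported, so it can gate a login script or a cron check.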



Comments
  1. By sat (66.65.113.58) on

    Putting those options in an OpenSSH 4.1 (or previous I assume) ~/.ssh/config file fuxor up your ability to connect anywhere.

    Comments
    1. By Todd T. Fries (208.54.30.236) todd@openbsd.org on http://todd.fries.net/

      While technically people could follow the release link in the original story, I've updated the story to specifically state 4.2. Thanks!

    2. By Mark Garcia (71.39.45.177) mail to mag at wavecentral d0t com on

      You are correct. This is why it is mentioned under 'bugfixes'. I have 3.9 version, but if you want to test how this works you could do the following:
      $ ssh -o "ControlPath=~/.ssh/ctl-todd-eclipse-22" -o "ControlMaster=yes" -l todd eclipse
      
      You will see the same file. Then to get passwordless connections to that same host, you would want to try:
      $ ssh -o "ControlPath=~/.ssh/ctl-todd-eclipse-22" -o "ControlMaster=no" -l todd eclipse
      
      Notice that it doesn't ask you for a password :-) You might be wondering what the 'ask' will do? If you did "ControlMaster=ask" on your FIRST connection to a machine, then doing subsequent connections to the same host with "ControlMaster=no", you will be prompted with a dialog box asking to allow the use of your master connection.

      The features that were missing, and that are addressed in this release, are the macro expansion of %r, %h, %p, and the addition of 'auto' and 'autoask' for the ControlMaster argument. 'auto' puts the intelligence back into ssh to detect if an existing socket file exists, and then use it, or if it doesn't, then create it inheriting noask (removing the pop-up ask option for allowing someone to use an already existing connection).

      Use 'autoask' and you get the same intelligence, but it flags it with an ask option on future connection to the same user/host/port.

      -.mag

  2. By djm@ (203.58.120.11) on

    Thanks for writing this up Todd, I suck for not making this more accessible.

    If you know that you are going to be using a server frequently, you can initiate a backgrounded master connection to it that will persist until you tell it to go away. Assuming you already have Todd's config bits in ~/.ssh/config, you can do:

    ssh -Nnf user@yourhost

    which will set up a master connection that puts itself in the background after authentication. All subsequent connections will automagically use it.

    When you want it to go away, you can signal it using the multiplex "command mode" option:

    ssh -O exit user@yourhost

    Another useful -O command is "-O check", which will report on the master's PID. This might be useful in scripts that need to make sure a connection is alive (e.g. distcc).

    There is more work planned for the multiplexing code, in particular the ability to add port forwardings to an active master and hooking up the channel escape (e.g. "~.") handler.

  3. By Jim (68.250.26.213) on

    I've been negligent in not using this before now. I just added the same options to my config and now my second+ ssh session logs in faster than I've dreamed possible!

    This is awesome!
