SSH : Multiplexing connections

There is a feature in OpenSSH since v3.9 which allows multiple SSH connections with the same caracteristics (host, port, remote login) to be made through a single TCP connection. This is useful because you’ll have to authenticate only once, and besides the new SSH connections will be much faster to establish.

Enabling connections multiplexing is actually just a matter of 2 options to set. I find it practical and easy to set them globally by editing my ~/.ssh/config and adding the following lines :

?View Code CONFIG
Host *
	ControlMaster auto
	ControlPath ~/.ssh/sockets/ssh-socket-%r-%h-%p

These settings apply for any hosts, but you could enable it selectively if needed. “ControlMaster auto” will start a master connection and create the control socket if none exist yet. The control socket will be created in the path specified by the ControlPath directive. This socket is used by the ssh client to create a new SSH connection over an already existing master connection.

It is recommended that the socket name contains the hostname (%h), the port (%p) and the remote username (%r), to avoid using an inappropriate control socket when establishing a new connection.

The path where the control sockets are created are to be correctly protected (the directory permissions should be something like 0700 and the sockets themselves 0600) because if the sockets are accessible, they can be used to establish connection as the user who created the master connection.

Leave a Reply

Your email address will not be published. Required fields are marked *