By default each SSH connection will create a new TCP connection and require authentication. For normal use cases this is absolutely fine; however, it is possible to re-use an existing connection for multiple sessions.
There are three SSH options which control multiplexing: ControlMaster, ControlPath and ControlPersist. A full description of these options can be found in the ssh_config man page, however below is a brief description of each option:
- ControlMaster: Enables the sharing of multiple sessions over a single network connection.
- ControlPath: The path to a socket file used for connection sharing.
- ControlPersist: Specify how long a network connection should remain open to accept new sessions after the control session has closed.
To set these options you can put something similar to the following in

    Host somehost.example.com
        ControlMaster=auto
        ControlPath=/dev/shm/ssh-%r@%h:%p
        ControlPersist=5m

After doing this, when you first connect to somehost.example.com you will establish a new connection and SSH will create a socket file.
Once the first connection to somehost.example.com is established, additional connections will re-use the connection. This avoids the overhead of establishing a new connection.
/dev/shm is normally a tmpfs filesystem; using it in ControlPath ensures socket files are removed each time the system is restarted. You can of course use another location if you want to.
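A control socket hands the already-authenticated connection to any process that can use it, and /dev/shm is normally writable by every local user, so it is worth checking where the socket lives. The script below is an added example, not part of the original article; it checks that the directory in a ControlPath value is owned by you and not group- or world-writable. The directory ~/.ssh/cm and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article: check that the directory
# holding an SSH ControlPath socket is private to the current user.

# Print the directory part of a ControlPath value, expanding a leading "~/".
# Tokens such as %r, %h and %p normally sit in the file name, which is dropped.
controlpath_dir() {
    p=$1
    case $p in
        "~/"*) p=$HOME/${p#"~/"} ;;
    esac
    dirname "$p"
}

# Return 0 if DIR is owned by the current user and not writable by group or
# other, 1 if it is shared or owned by someone else, 2 if it does not exist.
dir_is_private() {
    dir=$1
    [ -d "$dir" ] || return 2
    # "ls -ldn" prints: mode links uid gid ...  e.g. "drwxrwxrwt 2 0 0 ..."
    set -- $(ls -ldn "$dir")
    mode=$1 owner=$3
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;  # group- or world-writable
    esac
    return 0
}

# Report on one ControlPath value.
audit_controlpath() {
    d=$(controlpath_dir "$1")
    if dir_is_private "$d"; then
        echo "OK: $d is private to uid $(id -u)"
    else
        echo "WARN: $d is missing, shared, or not owned by you"
        return 1
    fi
}

# Constructed usage: the article's location, then a per-user directory.
# ~/.ssh/cm is an assumed name; create it with: mkdir -m 700 ~/.ssh/cm
audit_controlpath '/dev/shm/ssh-%r@%h:%p' || true
audit_controlpath '~/.ssh/cm/%r@%h:%p' || true
```

A symbolic link used as the directory is reported as shared, which errs on the side of caution.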
There are two main advantages to sharing connections. Firstly you avoid overhead associated with establishing additional connections. Connecting to localhost using a public key takes about 0.2 seconds:

    $ time ssh [email protected] :
    real 0m0.198s
    user 0m0.026s
    sys 0m0.011s

In comparison sharing an existing connection takes about a tenth of the time:

    $ time ssh [email protected] :
    real 0m0.022s
    user 0m0.004s
    sys 0m0.003s

Connection sharing also allows you to avoid re-typing passwords. This is great for environments where you cannot use public key authentication.
OpenSSH on Cygwin
AF_UNIX (AF_LOCAL) sockets are not available in Winsock. They are implemented in Cygwin by using local AF_INET sockets instead. This is completely transparent to the application. Cygwin's implementation also supports the getpeereid BSD extension. However, Cygwin does not yet support descriptor passing.