Floating Octothorpe

SSH Multiplexing

By default each SSH connection will create a new TCP connection and require authentication. For normal use cases this is absolutely fine, however it is possible to re-use an existing connection for multiple sessions.

Config

There are three SSH options which control multiplexing, ControlMaster, ControlPath and ControlPersist. A full description of these options can be found in the ssh_config man page, however below is a brief description of each option:

ControlMaster
Enables the sharing of multiple sessions over a single network connection.
ControlPath
The path to a socket file used for connection sharing.
ControlPersist
Specify how long a network connection should remain open to accept new sessions after the control session has closed.

To set these options you can put something similar to the following in ~/.ssh/config:

Host somehost.example.com
  ControlMaster=auto
  ControlPath=/dev/shm/ssh-%r@%h:%p
  ControlPersist=5m

After doing this when you first connect to somehost.example.com you will establish a new connection and SSH will create a socket file.

Once the first connection to somehost.exmaple.com is established, additional connections will re-use the connection. This avoids the overhead of establishing a new connection.

Note: /dev/shm is normally a tmpfs filesystem, using it in ControlPath ensures socket files are removed each time the system is restarted. You can of couse use another location if you want to.

Advantages

There are two main advantages to sharing connections. Firstly you avoid overhead associated with establishing additional connections. Connecting to localhost using a public key takes about 0.2 seconds:

$ time ssh bob@localhost :

real    0m0.198s
user    0m0.026s
sys     0m0.011s

In comparison sharing an existing connection takes about a tenth of the time:

$ time ssh bob@localhost :

real    0m0.022s
user    0m0.004s
sys     0m0.003s

Connection sharing also allows you to avoid re-type passwords. This is great for environments where you cannot use public key authentication.

OpenSSH on Cygwin

Unfortunately OpenSSH on Cygwin currently doesn't support shared connections. The Cygwin documentation has the following note regarding AF_LOCAL sockets:

AF_UNIX (AF_LOCAL) sockets are not available in Winsock. They are implemented in Cygwin by using local AF_INET sockets instead. This is completely transparent to the application. Cygwin's implementation also supports the getpeereid BSD extension. However, Cygwin does not yet support descriptor passing.