I recently learned of a new OpenSSH feature that I've wanted for years, the ability to reuse the already existing connection to a remote host when I want to open subsequent connections.

In the course of a typical day I'm sure we all open a plethora of ssh connections to our servers. I would also wager that most of us have multiple connections open to some systems. While these multiple connections don't take up any noticeable amount of system resources each of these connections does take up some of your valuable time to establish. Provided you are using OpenSSH version 4 or higher, we can cut the time it takes to establish an ssh connection considerably simply by adding the following to your ~/.ssh/config file:

Host * ControlMaster auto ControlPath /tmp/%r@%h:%p

This tells your ssh client to always use a ControlMaster on all hosts. You can set it to autoask instead of auto to have ssh prompt you for whether or not to reuse an existing connection. The configuration directive ControlPath tells ssh where it should keep its socket information. I've chosen to put these files in /tmp, however it may be best to put this into your own home directory on multi-user systems.

For example you could instead do:

Host * ControlMaster auto ControlPath ~/.ssh/%r@%h:%p

Which will put the socket information into your home directory instead.

NOTE: You will need to specify -o ControlMaster=no when using ssh to do ssh tunneling otherwise multiple tunnels to a particular host will not work.

I've also stumbled upon a problem with using this technique with subversion repositories using svn+ssh. Rob Holland of Inverse Path contacted me with a solution. If you add the following to your ~/.subversion/config file it will turn off ControlMaster for your svn connections:

[tunnels] ssh = ssh -o ControlMaster=no

Thanks Rob for the great tip!

Books on SSH

In case you need more help with ssh or just want to learn more about it, here are some books that can help:

Hopefully this saves you some time during your day. If you find any errors or have any suggestions regarding this please feel free to E-mail me at frank@revsys.com.