
If you're a heavy SSH user, using multiplexing in this manner can have negative consequences [1]. Downsides include having all your multiplexed connections exiting if the master exits!

[1] http://www.anchor.com.au/blog/2010/02/ssh-controlmaster-the-...



More recent SSH clients can use "ControlPersist" to establish the master connection in the background, so the first session doesn't control the lifetime of the connection. This makes using ControlMaster workable.

I usually set ControlPersist to 30 seconds, which may not be long enough for people hoping to get performance improvements from GitHub. Setting it to too large a value increases the risk that you'll have stale server sockets after a network outage.


> This makes using ControlMaster workable.

Best part of reading this article. I had turned off connection sharing because of this.

So what, in more detail, are the downsides to ControlPersist?


One that I frequently run into is that if you use SSH tunneling (like -L), you have to specify it the first time you ssh to that machine (i.e. when the ControlMaster is connected) and can't change it later. Using -L on later ssh's to the same machine silently fails, which can be infuriating if you don't realise it's happening. The best you can do at that point is to kill the ControlMaster ssh (disconnecting you across all your sessions), and then reconnect with the right -L.


You can skip the master and spawn a fresh connection for your tunnel using `-o ControlPath=none`.


In fact, even better: you can add forwarding to your existing connection. <newline>~C opens a command line, which accepts the following commands:

    ssh> help
    Commands:
      -L[bind_address:]port:host:hostport    Request local forward
      -R[bind_address:]port:host:hostport    Request remote forward
      -D[bind_address:]port                  Request dynamic forward
      -KR[bind_address:]port                 Cancel remote forward

(If you're not familiar with them, some of the other escape sequences are useful too. ~? lists them all.)

[EDIT] Apparently, if you have a recent enough version, you can add a forward to the master with `ssh -O forward ...` [1]

[1] http://serverfault.com/questions/237688/adding-port-forwardi...


You can limit the sharing to just GitHub with a host line:

  Host github.com
  ControlMaster auto
  ControlPath /tmp/%r@%h:%p
  ControlPersist yes
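
Added example, not part of any comment in this thread: a shell sketch for the two ControlPath concerns raised here, a socket directory that other users can write to (as `/tmp` is) and socket files left behind with no master listening. The function names and the dedicated socket directory are assumptions made for the example.

```shell
#!/bin/sh
# Assumption: ControlPath puts all sockets in one dedicated directory,
# e.g. "ControlPath ~/.ssh/cm/%r@%h:%p" (the directory name is hypothetical).

# Succeed only if DIR exists, is owned by the current user, and is not
# writable by group or others, so no other user can plant a socket in it.
ctl_dir_is_private() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ -O "$dir" ] || return 1
    # find prints the path when a group- or other-write bit is set
    loose=$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# Query every socket with "ssh -O check" and delete the socket file when
# no master answers on it. Prints how many socket files were removed.
prune_stale_masters() {
    dir=$1
    removed=0
    if ! ctl_dir_is_private "$dir"; then
        echo "refusing: $dir is missing or not private" >&2
        return 1
    fi
    for sock in "$dir"/*; do
        # Skip regular files and the literal pattern left by an empty glob
        [ -S "$sock" ] || continue
        # ssh requires a host argument; "placeholder" is arbitrary because
        # -S names the exact control socket to query.
        if ! ssh -S "$sock" -O check placeholder >/dev/null 2>&1; then
            rm -f -- "$sock"
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Stand-alone use: sh prune.sh ~/.ssh/cm
if [ "$#" -gt 0 ]; then
    prune_stale_masters "$1"
fi
```

A master process that is still running over a dead TCP connection answers the check and is not pruned; `ServerAliveInterval` lets the master notice the dead link and exit, and `ssh -O exit` stops it by hand.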


> Downsides include having all your multiplexed connections exiting if the master exits!

I believe this is what ControlPersist is meant to solve - it may not have existed when that blog post was written.



