How To Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing nixCraft Updated Tutorials/Posts

How do I reuse ssh connection using multiplexing to speed up remote login procedure with OpenSSH client under Linux, macOS, *BSD and Unix-like operating systems?

Using SSH Multiplexing on Linux or Unix to Speed Up LoginUsing SSH Multiplexing on Linux or Unix to Speed Up Login
You can reuse the connection to the remote server using controlmaster directive. To enables the sharing of multiple sessions over a single network connection to add controlmaster after host directive. When set to yes ssh client will listen for connections on a control socket specified using the ControlPath argument. These sessions will try to reuse the master instance’s network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening. Multiplexing is nothing but the ability to send more than one signal over a single line or connection. OpenSSH can reuse an existing ssh TCP connection using multiplexing.

Tutorial details
Difficulty level Easy
Root privileges No
Requirements OpenSSH on Linux/Unix/macOS
Save and close the file when using vi/vim text editor. Now connect as usual using the ssh command:
$ ssh vivek@vpn.nixcraft.co.in
Next, time you connect again it will use connection socket /tmp/ssh-vivek@vpn.nixcraft.in:22 to speed up things. You don’t have to input password or anything else. You need one connection to be active for the second to be accelerated. This also works with scp / sftp etc:
$ scp /path/to/file.txt vivek@vpn.nixcraft.co.in:/tmp

Compare ssh command with and without multiplexing

You can compare the time it takes to run command on a slow remote server, using time. First, run time command without multiplexing (remove entries from ~/.ssh/config file):
$ time ssh vivek@vpn.nixcraft.co.in /path/to/command
$ time ssh -o 'ControlMaster=no' vivek@vpn.nixcraft.co.in /bin/true

Sample outputs:

real	0m3.546s
user	0m0.016s
sys	0m0.008s

Now, run same command with multiplexing (add entries to ~/.ssh/config):
$ time ssh vivek@vpn.nixcraft.co.in /path/to/command
$ time ssh vivek@vpn.nixcraft.co.in /bin/ture

Sample outputs:

real	0m0.621s
user	0m0.006s
sys	0m0.004s

How to disable multiplexing for a single ssh command session?

Run command as follows with ControlMaster set to no:
$ ssh -o 'ControlMaster=no' vivek@vpn.nixcraft.co.in

How to find out or check the status of multiplexing

$ ssh -O check vivek@vpn.nixcraft.co.in
Sample outputs:

Master running (pid=64134)

How to stop multiplexed connections

To gracefully shutdown multiplexing pass the -O stop option to the ssh command:
$ ssh -O stop vivek@ vivek@vpn.nixcraft.co.in
Sample outputs:

Stop listening request sent.

Pass the -O exit option to remove the control socket and immediately terminates all existing connections, run:
$ ssh -O exit vivek@vivek@vpn.nixcraft.co.in
Sample outputs:

Exit request sent.

And all of your ssh session will terminated with the following message:

Patreon supporters only guides 🤓

  • No ads and tracking
  • In-depth guides for developers and sysadmins at Opensourceflare✨
  • Join my Patreon to support independent content creators and start reading latest guides:

Join Patreon ➔

Shared connection to vpn.nixcraft.co.in closed.

A sample session output

Fig.01: How To Reuse SSH Connection To Speed Up Remote Login Process Using MultiplexingnFig.01: How To Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexingn

Fig.01: A sample session that shows how to reuse SSH connection to speed up login with multiplexing

Using ssh multiplexing with ProxyCommand

You can go through one host to reach another server. In this example, you reach to internal host called 10.70.203.66 via vpn.nixcraft.co.in:

Host internal HostName 10.70.203.66 User vivek ProxyCommand ssh vivek@vpn.nixcraft.co.in -W %h:%p ControlPath ~/.ssh/controlmasters/%r@%h:%p ControlMaster auto

Just type the following command to go through ‘vpn.nixcraft.co.in’ to reach another server called ‘internal’:
$ ssh internal

Say hello ControlPersist option

When ControlPersist used in conjunction with ControlMaster, specifies that the master connection should remain open in the background (waiting for future client connections) after the initial client connection has been closed. You can set it as follows:

  1. ControlPersist no : The master connection will not be placed into the background, and will close as soon as the initial client connection is closed.
  2. ControlPersist yes : The master connection will remain in the background indefinitely (until killed or closed via a mechanism such as the ssh -O exit user@host option. Further, if set to yes then, if set to a time in seconds, or a time in any of the formats documented in sshd_config(5), then the backgrounded master connection will automatically terminate after it has remained idle (with no client connections) for the specified time. For example, ControlPersist 10m.

Here is an updated config file:

Host internal HostName 10.70.203.66 User vivek ProxyCommand ssh vivek@vpn.nixcraft.co.in -W %h:%p ControlPath ~/.ssh/controlmasters/%r@%h:%p ControlMaster auto ControlPersist yes

A note about X11, ssh-agent and port forwarding

Please note that X11 and ssh-agent forwarding is supported over these multiplexed connections, however the display and agent forwarded will be the one belonging to the master connection i.e. it is not possible to forward multiple displays or agents. However, you can create new session as follows for port forwarding:
$ ssh -M -S /tmp/3001.port.forwording -L 3001:localhost:3001 -N -f vivek@vpn.nixcraft.co.in

Summing up

You learned about SSH multiplexing on Linux or Unix-like systems. The main advantage is that the burden of creating new TCP connections and negotiating the secure connection is reduced. In addition, by using this simple trick, we can speed up our ssh session. See ssh man pages using the man command:
man ssh
man ssh_config

See “OpenSSH Config File Examples For Linux / Unix Users” and “OpenSSH security tips” for more info.

ADVERTISEMENT

Posted by Contributor