Contributed by grey on from the taking advantage of newer features dept.
For about a month, the in-tree ssh client has supported session multiplexing, but I didn't get around to trying it until a few days ago. The result? Mind-bogglingly fast logons (since the connection is shared and already authenticated, _lots_ of things can be skipped). This makes remote CVS operations seem as fast as local ones.
Session multiplexing works a bit differently than I expected. I had expected ssh to fall back to TCP if the multiplexing socket didn't exist, which it doesn't seem to do (I haven't found the way to do it yet), and this at first seemed to make it much less useful -- especially because you cannot start two clients trying to be ControlMaster (so putting `ControlMaster yes' in ~/.ssh/config doesn't work).
However, after playing around with it, I came across the idea of putting something like this in ~/.xsession:
ssh -fMN host
The `host' entry in ~/.ssh/config was expanded with `ControlPath ~/.ssh/control.host'. I would have preferred to put something like `ControlPath ~/.ssh/control.%H' in the `Host *' entry, but this isn't possible in the current code and it would probably be annoying without fallback to TCP anyway.
Someone might argue that starting `ssh -fMN host' from ~/.xsession is a bad idea, security-wise. However, this is just about as insecure as using ssh-agent without specifying `-c' when ssh-add'ing keys, and one can always make a `host-control' entry in ~/.ssh/config which has `ControlMaster ask' instead (this uses $SSH_ASKPASS to get permission to allow the new session) and then leave out `-M' in the background ssh session.
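The two entries described above, written out as an added example (not the author's actual file). It assumes that `host-control' reaches the same machine through `HostName host' and shares the same ControlPath, so that ordinary `ssh host' clients attach to the confirming master.

```sshconfig
# ~/.ssh/config -- constructed example, not the author's actual file

# Plain setup: the master is started from ~/.xsession with
#   ssh -fMN host
# Later `ssh host' invocations find the socket and reuse the
# already-authenticated connection without any confirmation.
Host host
    ControlPath ~/.ssh/control.host

# Confirming setup: the master is started without -M, as
#   ssh -fN host-control
# `ControlMaster ask' makes it listen on the socket and request
# permission through $SSH_ASKPASS before allowing each new session.
# HostName and the shared ControlPath are assumptions of this example.
Host host-control
    HostName host
    ControlMaster ask
    ControlPath ~/.ssh/control.host
```

Only one of the two masters can own ~/.ssh/control.host at a time, so ~/.xsession starts either `ssh -fMN host' or `ssh -fN host-control', not both.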
This is my experience and setup. Now, my questions are:
1) Are my security considerations correct?
2) Has anyone found another (better?) setup?
3) Has anyone found other uses than simply faster logons?