Difference between revisions of "SSH Multiplexing"

From UFRC
Jump to navigation Jump to search
Line 1: Line 1:
If you use a Linux or MacOS computer and your workflow involves making a lot of connections to HiPerGator you may want to use SSH Multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The [https://www.bitvise.com/ BitVise] client is the only SFTP/ssh client we are aware of that supports ssh multiplexing.
+
If you use a Linux or MacOS computer and your workflow involves making
 +
a lot of connections to HiPerGator you may want to use SSH
 +
Multiplexing to avoid having to go through MFA for every
 +
connection. Again, this does not work for Windows computers natively!
 +
The [https://www.bitvise.com/ BitVise] client is the only SFTP/ssh
 +
client we are aware of that supports ssh multiplexing.
  
In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA.
+
In a nutshell, ssh multiplexing works by creating a TCP socket the
 +
first time a connection is made. That socket can be used by subsequent
 +
connections within the idle timeout period to create new connections
 +
without triggering MFA.
  
See [https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/] for reference.
+
See [https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/]
 +
for reference.
  
Example with SSH key authentication that enables SSH multiplexing. Each subsequent connection resets the idle timeout countdown:
+
Example of enabling SSH multiplexing without SSH key authentication,
 +
where each subsequent connection resets the idle timeout countdown.
 +
Edit the ssh configuration file on your local computer (typically
 +
<code>~/.ssh/config</code>) and add or modify the following entry.  Be
 +
sure to change the 'albertgator' <code>User</code> to your username:
 +
 
 +
<pre>
 +
Host hpg
 +
    User albertgator
 +
    HostName hpg.rc.ufl.edu
 +
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
 +
    ControlMaster auto
 +
    ControlPersist 8h
 +
</pre>
 +
 
 +
After the <code>~/.ssh/config</code> changes, use this ssh command.
 +
The "hpg" hostname is not DNS, instead it matches the ssh
 +
configuration block you added:
 +
 
 +
<pre>
 +
$ ssh hpg
 +
</pre>
 +
 
 +
If you are already using SSH key authentication, add this block
 +
instead, which goes to a different port which is expecting ssh keys:
  
Edit the ssh configuration file on your local computer (typically <code>~/.ssh/config</code>) and add or modify the following entry:
 
 
<pre>
 
<pre>
 
Host hpg
 
Host hpg
Line 17: Line 49:
 
     ControlPersist 8h
 
     ControlPersist 8h
 
</pre>
 
</pre>
 
{{Note|If you use username and password remove the <code>Port 2222</code> line from the configuration.<br>Be sure to change the 'albertgator' <code>User</code> to your username.|info}}
 

Revision as of 22:10, 11 January 2022

If you use a Linux or MacOS computer and your workflow involves making a lot of connections to HiPerGator you may want to use SSH Multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The BitVise client is the only SFTP/ssh client we are aware of that supports ssh multiplexing.

In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA.

See [1] for reference.

Example of enabling SSH multiplexing without SSH key authentication, where each subsequent connection resets the idle timeout countdown. Edit the ssh configuration file on your local computer (typically ~/.ssh/config) and add or modify the following entry. Be sure to change the 'albertgator' User to your username:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h

After the ~/.ssh/config changes, use this ssh command. The "hpg" hostname is not DNS, instead it matches the ssh configuration block you added:

$ ssh hpg

If you are already using SSH key authentication, add this block instead, which goes to a different port which is expecting ssh keys:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    Port 2222
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h