Difference between revisions of "SSH Multiplexing"
Johnbullard (talk | contribs)
Line 1: | Line 1: | ||
− | If you use a Linux or MacOS computer and your workflow involves making a lot of connections to HiPerGator you may want to use SSH Multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The [https://www.bitvise.com/ BitVise] client is the only SFTP/ssh client we are aware of that supports ssh multiplexing. | + | If you use a Linux or MacOS computer and your workflow involves making |
+ | a lot of connections to HiPerGator you may want to use SSH | ||
+ | Multiplexing to avoid having to go through MFA for every | ||
+ | connection. Again, this does not work for Windows computers natively! | ||
+ | The [https://www.bitvise.com/ BitVise] client is the only SFTP/ssh | ||
+ | client we are aware of that supports ssh multiplexing. | ||
− | In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA. | + | In a nutshell, ssh multiplexing works by creating a TCP socket the |
+ | first time a connection is made. That socket can be used by subsequent | ||
+ | connections within the idle timeout period to create new connections | ||
+ | without triggering MFA. | ||
− | See [https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/] for reference. | + | See [https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/] |
+ | for reference. | ||
− | Example | + | Example of enabling SSH multiplexing without SSH key authentication, |
+ | where each subsequent connection resets the idle timeout countdown. | ||
+ | Edit the ssh configuration file on your local computer (typically | ||
+ | <code>~/.ssh/config</code>) and add or modify the following entry. Be | ||
+ | sure to change the 'albertgator' <code>User</code> to your username: | ||
+ | |||
+ | <pre> | ||
+ | Host hpg | ||
+ | User albertgator | ||
+ | HostName hpg.rc.ufl.edu | ||
+ | ControlPath ~/.ssh/cm-%r@%l-%h:%p | ||
+ | ControlMaster auto | ||
+ | ControlPersist 8h | ||
+ | </pre> | ||
+ | |||
+ | After the <code>~/.ssh/config</code> changes, use this ssh command. | ||
+ | The "hpg" hostname is not DNS, instead it matches the ssh | ||
+ | configuration block you added: | ||
+ | |||
+ | <pre> | ||
+ | $ ssh hpg | ||
+ | </pre> | ||
+ | |||
+ | If you are already using SSH key authentication, add this block | ||
+ | instead, which goes to a different port which is expecting ssh keys: | ||
− | |||
<pre> | <pre> | ||
Host hpg | Host hpg | ||
Line 17: | Line 49: | ||
ControlPersist 8h | ControlPersist 8h | ||
</pre> | </pre> | ||
− | |||
− |
Revision as of 22:10, 11 January 2022
If you use a Linux or macOS computer and your workflow involves making a lot of connections to HiPerGator, you may want to use SSH multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The Bitvise client is the only SFTP/SSH client we are aware of that supports SSH multiplexing.
In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA.
See [https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/] for reference.
Example of enabling SSH multiplexing without SSH key authentication, where each subsequent connection resets the idle timeout countdown. Edit the ssh configuration file on your local computer (typically <code>~/.ssh/config</code>) and add or modify the following entry. Be sure to change the 'albertgator' <code>User</code> to your username:

<pre>
Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h
</pre>
After the <code>~/.ssh/config</code> changes, use this ssh command. The "hpg" hostname is not a DNS name; instead, it matches the ssh configuration block you added:

<pre>
$ ssh hpg
</pre>
If you are already using SSH key authentication, add this block instead, which connects to a different port that expects SSH keys:

<pre>
Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    Port 2222
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h
</pre>
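Because the control socket lets new connections through without triggering MFA, it is worth checking who can reach the directory that holds it. The script below is an added example, not part of the original page; it assumes the ControlPath pattern (<code>~/.ssh/cm-*</code>) and the "hpg" alias shown above, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit where the master
# connection's control sockets live. Assumes the page's ControlPath
# pattern (~/.ssh/cm-*) and its "hpg" host alias.

# Print a path's octal permission bits (GNU stat, else BSD/macOS stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the directory grants nothing to group or other.
dir_is_private() {
    p=$(perm_of "$1") || return 2
    case "$p" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print each live control socket under a directory, one per line.
list_control_sockets() {
    for s in "$1"/cm-*; do
        if [ -S "$s" ]; then printf '%s\n' "$s"; fi
    done
}

# Report on the socket directory; non-zero status means "fix this first".
audit_ssh_mux() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no directory $dir, nothing to audit"
        return 0
    fi
    if ! dir_is_private "$dir"; then
        echo "WARN: $dir is open to other users; run: chmod 700 $dir"
        return 1
    fi
    list_control_sockets "$dir" | while read -r s; do
        echo "master socket: $s (status: ssh -O check hpg; close: ssh -O exit hpg)"
    done
    return 0
}

# Audit the directory given as the first argument, or ~/.ssh by default.
audit_ssh_mux "${1:-$HOME/.ssh}" || true
```

Run it after your first <code>ssh hpg</code> of the day; any listed socket stays usable until the ControlPersist timeout expires or you close the master connection.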