Difference between revisions of "SSH Multiplexing"

From UFRC
Jump to navigation Jump to search
Line 14: Line 14:
 
for reference.
 
for reference.
  
Example of enabling SSH multiplexing without SSH key authentication,
+
==Multiplexing with username and password==
where each subsequent connection resets the idle timeout countdown.
+
To use SSH multiplexing with your username and password (without SSH key authentication).
Edit the ssh configuration file on your local computer (typically
+
edit the ssh configuration file on your local computer (typically
 
<code>~/.ssh/config</code>) and add or modify the following entry.  Be
 
<code>~/.ssh/config</code>) and add or modify the following entry.  Be
 
sure to change the 'albertgator' <code>User</code> to your username:
 
sure to change the 'albertgator' <code>User</code> to your username:
Line 29: Line 29:
 
</pre>
 
</pre>
  
After the <code>~/.ssh/config</code> changes, use this ssh command.
+
After the <code>~/.ssh/config</code> changes, use this ssh command:
The "hpg" hostname is not DNS, instead it matches the ssh
+
$ ssh hpg
configuration block you added:
+
 
 +
NOTE: The "hpg" hostname is not DNS, instead it matches the ssh
 +
configuration block (specifically, "Host hpg") that you added.
  
<pre>
 
$ ssh hpg
 
</pre>
 
  
If you are already using SSH key authentication, add this block
+
==Multiplexing with SSH keys==
instead, which goes to a different port which is expecting ssh keys:
+
If you are using SSH key-based authentication, add this block instead.  This configures the connection to go to a different port (2222) which is expecting ssh keys:
  
 
<pre>
 
<pre>

Revision as of 11:24, 5 April 2022

If you use a Linux or MacOS computer and your workflow involves making a lot of connections to HiPerGator you may want to use SSH Multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The BitVise and Tabby clients are the only SFTP/ssh client we are aware of that support ssh multiplexing.

In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA.

See [1] for reference.

Multiplexing with username and password

To use SSH multiplexing with your username and password (without SSH key authentication). edit the ssh configuration file on your local computer (typically ~/.ssh/config) and add or modify the following entry. Be sure to change the 'albertgator' User to your username:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h

After the ~/.ssh/config changes, use this ssh command:

$ ssh hpg

NOTE: The "hpg" hostname is not DNS, instead it matches the ssh configuration block (specifically, "Host hpg") that you added.


Multiplexing with SSH keys

If you are using SSH key-based authentication, add this block instead. This configures the connection to go to a different port (2222) which is expecting ssh keys:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    Port 2222
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h