Difference between revisions of "SSH Multiplexing"

If you use a Linux or MacOS computer and your workflow involves making a lot of connections to HiPerGator you may want to use SSH Multiplexing to avoid having to go through MFA for every connection. Again, this does not work for Windows computers natively! The BitVise and Tabby clients are the only SFTP/ssh client we are aware of that support ssh multiplexing.

In a nutshell, ssh multiplexing works by creating a TCP socket the first time a connection is made. That socket can be used by subsequent connections within the idle timeout period to create new connections without triggering MFA.

See [1] for reference.

Example of enabling SSH multiplexing without SSH key authentication, where each subsequent connection resets the idle timeout countdown. Edit the ssh configuration file on your local computer (typically ~/.ssh/config) and add or modify the following entry. Be sure to change the 'albertgator' User to your username:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h

After the ~/.ssh/config changes, use this ssh command. The "hpg" hostname is not DNS, instead it matches the ssh configuration block you added:

$ ssh hpg

If you are already using SSH key authentication, add this block instead, which goes to a different port which is expecting ssh keys:

Host hpg
    User albertgator
    HostName hpg.rc.ufl.edu
    Port 2222
    ControlPath ~/.ssh/cm-%r@%l-%h:%p
    ControlMaster auto
    ControlPersist 8h