OpenSSH: Difference between revisions
New page: OpenSSH is a powerful, open-source implementation of the Secure Shell protocol. ==External Links== * [http://www.openssh.com/ OpenSSH] home page * [http://www.monkey.org/~provos/scanssh/ ... |
No edit summary |
||
| (6 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
OpenSSH is a powerful, open-source implementation of the Secure Shell protocol. | OpenSSH is a powerful, open-source implementation of the Secure Shell protocol. | ||
==Connection multiplexing== | |||
OpenSSH 4.0 added connection multiplexing, which can tremendously accelerate ssh connection setup. I discern no weaker security here than that accepted when forwarding an agent -- root on the target machine can take advantage of the control named pipe created, unless the "ask"/"autoask" properties are used (and even then, they could be snooping memory...). There's some serious speed wins to be had:<pre>[recombinator](127) $ \time -f %E ssh -oControlPath=none hogwarts true | |||
0:01.44 | |||
[recombinator](0) $ \time -f %E ssh -oControlPath=none hogwarts true | |||
0:01.65 | |||
[recombinator](0) $ \time -f %E ssh -oControlPath=none hogwarts true | |||
0:01.68 | |||
[recombinator](0) $ \time -f %E ssh -oControlPath=none hogwarts true | |||
0:01.61 | |||
[recombinator](0) $ \time -f %E ssh hogwarts true | |||
0:00.26 | |||
[recombinator](0) $ \time -f %E ssh hogwarts true | |||
0:00.20 | |||
[recombinator](0) $ \time -f %E ssh hogwarts true | |||
0:00.20 | |||
[recombinator](0) $ \time -f %E ssh hogwarts true | |||
0:00.22 | |||
[recombinator](0) $ </pre> | |||
Just set <tt>ControlPath</tt> to something like <tt>~/.tmp/ssh/%r-%l-%h-%p</tt> (make sure the directory exists!), and <tt>ControlMaster</tt> to <tt>auto</tt> or <tt>autoask</tt>. Display and agent forwardings will be available to all multiplexed connections, but (at least as of 5.2) it is impossible to forward multiple displays or agents. The [http://gcc.gnu.org/wiki/SSH_connection_caching GCC Wiki] recommend creating a master ssh connection, ala persistent port forwardings, via an early <tt>ssh -fMN</tt>. Note that the master connection will not, by default, exit until any connections multiplexed atop it have disconnected. | |||
If the master connection goes bad for some reason, all multiplexed connections tend to suffer similarly (as one would expect). | |||
==External Links== | ==External Links== | ||
* [http://www.openssh.com/ OpenSSH] home page | * [http://www.openssh.com/ OpenSSH] home page | ||
* [http://www.monkey.org/~provos/scanssh/ ScanSSH] home page | * [http://www.monkey.org/~provos/scanssh/ ScanSSH] home page | ||
* David Hilley's "[https://docs.google.com/View?id=dg9vm9bf_22hptwkgfq&pli=1 SSH Tips and Tricks]", GT-LUG 2007-02-28 | |||
[[CATEGORY: Networking]] | |||