SSH Multiplexing & other OpenSSH Tricks (symkat.com)
127 points by symkat on Aug 22, 2010 | 23 comments



I do wish keepalive could be turned on/off more dynamically - most of the locations I connect from it's a disadvantage so I don't have it configured, and having to edit the config file when I'm in one where it's useful just annoys me.

I suppose I should just write a script that perl -pi -e 's/KeepAlive yes/KeepAlive no/' .ssh/config or similar, but it still seems ... annoying.


You can create 'fake' hosts but with the same hostname:

  ~/.ssh/config
  Host serverWith
      HostName server.home.net
      OptionBLA yes

  Host serverWithout
      HostName server.home.net
      OptionBLA no

It also has autocomplete, so you can type ssh server<TAB>


"It" being your shell. Some do.


You are right, but who is the masochist that uses one that doesn't have that functionality? ;)


You might be able to provide it with the -o option:

ssh -o "KeepAlive no" example.com


What about in your config file:

  Host *.whatever.com
  ServerAliveInterval 900
  Host *.whatsup.com
  ServerAliveInterval 60


It's about where I am, not about where they are. slug's comment looks like a great idea though.


> I do wish keepalive could be turned on/off more dynamically

PuTTY can do that. It's GUI though.


I'm curious why you would want multiple connections to the same host in the first place. Why not use a terminal multiplexer?


It removes the latency if you need to interact with the remote server, for example with remote repositories. I tried some experiments today with Bitbucket, and using connection multiplexing halved the time of most of my common mercurial operations (8s -> 4s).


It's convenient if you want to pipe the output of a command on a remote machine into another command on a local machine:

ssh server remotecommand | localcommand


And some reasons why you might want to do that:

* set up a machine with all packages installed on some (debian/ubuntu) server: ssh server dpkg --get-selections| cut -f1 | xargs sudo apt-get install

* compare output of commands on two machines diff <(command) <(ssh server command)

* test/configure software on a local machine, plugging in its input from the production machine where it will be installed once ready

* avoid installing software on the server entirely; pull in the remote output and wrangle it locally (obv. not so good for high volumes)

* think a bug can be fixed by upgrading some software? try it on a test machine, pipe in the required input, and see


Is there a way to do the reverse? That is, can I ensure a more stable connection by using one terminal to open multiple SSH TCP connections for faster speed and redundancy?

My workplace sometimes suffers from serious problems and because TCP allocates resources based on number of connections, I'm pretty sure I can improve the situation by establishing 2 tcp connections for the terminal.


TCP was designed to assume that packet loss was due to contention... so if you have random or other non-contention-related packet loss, your sessions will slow to a crawl. In this case multiplexing might make things worse than separate sessions... but you're probably just as screwed either way. What you really need to do is just get them to fix the random packet loss problem you probably have.


+1 just for the multiplex magic. But then, I /would/ say that =)

That TTL thing is handy too, I'm sure I had some understanding of it previously, but reading the article made me check my settings and made me realize my timeouts were ridiculously low so even short disconnections killed my session.


For the proxy thing you may want to configure your applications to proxy DNS requests as well. Some do not do it by default and would leak the hostnames you're connecting to.

In firefox the about:config variable is "network.proxy.socks_remote_dns". Set it to true.
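Added example, not part of the comment above or of the linked article: what the remote-DNS setting changes at the protocol level. A SOCKS5 CONNECT request (RFC 1928) carries either a hostname for the proxy to resolve or an IPv4 address the client already looked up locally, and the local lookup is where the hostname leaks. The function names, the injected resolver and the sample host are constructed for this illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03   # address types from RFC 1928


def socks5_connect(host, port, remote_dns, resolve=None):
    """Build the SOCKS5 CONNECT request a client sends for host:port.

    remote_dns=True  -> hostname goes to the proxy, which resolves it.
    remote_dns=False -> client resolves first (the leak), sends an IPv4.
    `resolve` is an injected lookup function so the demo runs offline.
    """
    head = bytes([0x05, 0x01, 0x00])          # VER=5, CMD=CONNECT, RSV
    if remote_dns:
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.IPv4Address(resolve(host))   # local DNS query here
        addr = bytes([ATYP_IPV4]) + ip.packed
    return head + addr + struct.pack("!H", port)


def describe(request):
    """Return (who_resolved, target) for a CONNECT request."""
    if request[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        n = request[4]
        return "proxy", request[5:5 + n].decode("ascii")
    if atyp == ATYP_IPV4:
        return "client", str(ipaddress.IPv4Address(request[4:8]))
    raise ValueError("address type not handled in this example")


def demo():
    queries = []                               # lookups seen by the local resolver
    def fake_resolver(name):                   # constructed stand-in for DNS
        queries.append(name)
        return "192.0.2.10"                    # TEST-NET-1 documentation address
    leaky = socks5_connect("internal.example", 443, False, fake_resolver)
    safe = socks5_connect("internal.example", 443, True, fake_resolver)
    return describe(leaky), describe(safe), queries


if __name__ == "__main__":
    print(demo())
```

Only the request built with local resolution touches the resolver; the other one hands the name to the proxy end of the SSH tunnel.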



I wish cygwin supported multiplexing. Emacs + TRAMP is noticeably slower for me when I'm running on Windows. Anyone have a good workaround or alternative?



'-t' is also useful if you have machines behind a NAT you want to get to: ssh -t gateway.example.com ssh protected_machine


Or you could add the following to your ~/.ssh/config instead:

    Host protected_machine other_protected_machine
    ProxyCommand /usr/bin/ssh gateway.example.com /bin/nc -w 3700 %h %p

(Assumes you have /bin/nc installed on your gateway.)


Just to be clear, multiplexing happens on the client side, right? What's the difference between multiplexing and ssh-proxy?


Multiplexing is multiplexing. That is, encoding multiple data streams across one channel. In our case, that's having a singular SSH connection from a to b, but having multiple streams of bidirectional data flowing across that singular connection. https://secure.wikimedia.org/wikipedia/en/wiki/Multiplexing So no, multiplexing is started on the client side, and then it happens on server side too. There has to be a multiplex ( many to 1 ) and demultiplex ( 1 to many ) in order for "multiplexing" to occur.
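Added example, not part of the comment above or of OpenSSH's code: the many-to-one and one-to-many steps using the channel-data message layout from RFC 4254 (type byte 94, uint32 channel number, length-prefixed data). It is simplified on purpose: real SSH wraps these messages in encrypted, padded packets and applies per-channel flow control, and the sample streams are constructed.

```python
import struct

SSH_MSG_CHANNEL_DATA = 94      # message number from RFC 4254, section 5.2


def channel_data(channel, data):
    """Encode one channel-data message: byte type, uint32 channel, string data."""
    return struct.pack("!BII", SSH_MSG_CHANNEL_DATA, channel, len(data)) + data


def multiplex(streams):
    """Many to one: interleave chunks from several channels into one byte stream.

    `streams` maps channel number -> list of byte chunks, sent round-robin.
    """
    wire = b""
    pending = {ch: list(chunks) for ch, chunks in streams.items()}
    while any(pending.values()):
        for ch in sorted(pending):
            if pending[ch]:
                wire += channel_data(ch, pending[ch].pop(0))
    return wire


def demultiplex(wire):
    """One to many: split the single stream back into per-channel data."""
    out, pos = {}, 0
    while pos < len(wire):
        if len(wire) - pos < 9:
            raise ValueError("truncated message header")
        kind, ch, n = struct.unpack_from("!BII", wire, pos)
        if kind != SSH_MSG_CHANNEL_DATA:
            raise ValueError("unexpected message type %d" % kind)
        pos += 9
        if pos + n > len(wire):
            raise ValueError("truncated channel data")
        out[ch] = out.get(ch, b"") + wire[pos:pos + n]
        pos += n
    return out


# Constructed sample: an interactive shell and a file copy sharing one connection.
SAMPLE = {0: [b"ls -l\n", b"exit\n"], 1: [b"chunk-1;", b"chunk-2;", b"chunk-3;"]}

if __name__ == "__main__":
    print(demultiplex(multiplex(SAMPLE)))
```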



