Building true ssh opportunistic connection sharing

August 9, 2009

OpenSSH has decent basic support for opportunistic connection sharing, but most of it amounts to ssh looking for an existing master connection before making a new one. It could do better and enable a true opportunistic connection sharing mode.

There are two problems with ssh's current support for this, one big and one small. First, being the master connection can keep your ssh running when it would otherwise exit. Second, the master connection exits immediately when there are no active sessions running over it; there's no option to make it wait around for a bit in case you're going to open another session soon.

(You can sort of fake your way around both of these, but in either case there are drawbacks and limitations.)

The second problem is at least theoretically easy to solve: add an ssh setting to delay closing the master connection down for some number of seconds after the last session closes. (Hopefully this is allowed by the protocol. If not, ssh might have to hold a do-nothing session open behind the scenes.)

The first problem doesn't have a clear, obvious solution, but I see two approaches. The brute force solution is to add an option where ssh runs a command if there is no master connection, and then tries again. The elegant solution is to have a switch that makes ssh fork and detach a child process to handle the master connection once it's set up.

(Much like the -f switch, you could only push the master connection into the background after all of the necessary authentication and so on had been done.)

Sidebar: my theory on how to fake your way around these

There's no good way to fake a connection close delay; the only thing you can really do is decide that you're willing to have the master connections sit around forever (or until you kill them by hand), at which point you just have them run sleep with an absurdly long timeout or the like.

The best way to deal with the second problem is to always try to start connection masters, but run them with '-o "ControlMaster auto"' so that if a master connection already exists, the new would-be connection master silently converts itself into just a session over the connection. Unfortunately, for this to work well you want the connection master sessions to run a command that will exit after not too long; otherwise your machines will wind up running an ever-growing collection of very long sleeps or the like.
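
The brute-force approach and the sidebar's workaround combined into one wrapper, as an added example that is not from the original post: it asks for an existing master, starts a would-be master with `ControlMaster auto` running a finite `sleep` if none answers, then opens the real session. The function names, the socket directory and the 600-second lifetime are assumptions chosen for illustration.

```shell
# Added example, not code from the original post.
# Assumed names and values: cssh, cm_start, cm_path, CM_DIR, CM_LIFETIME.

SSH=${SSH:-ssh}                     # overridable so the wrapper can be tested
CM_DIR=${CM_DIR:-$HOME/.ssh/cm}     # private directory for control sockets
CM_LIFETIME=${CM_LIFETIME:-600}     # seconds the would-be master's sleep runs

# ControlPath template; ssh itself expands %r (user), %h (host), %p (port).
cm_path() {
    printf '%s/%%r@%%h:%%p' "$CM_DIR"
}

# Start a would-be master in the background. With ControlMaster=auto it
# becomes the master only if none exists; otherwise it is just one more
# session running sleep, which exits by itself after CM_LIFETIME seconds.
cm_start() {
    host=$1
    # Keep the socket directory private: anyone who can connect to the
    # control socket can open sessions over the authenticated connection.
    mkdir -p "$CM_DIR" && chmod 700 "$CM_DIR" || return 1
    "$SSH" -f -o ControlMaster=auto -o ControlPath="$(cm_path)" \
        "$host" sleep "$CM_LIFETIME"
}

# ssh wrapper: "run a command if there is no master, then try again".
cssh() {
    host=$1
    shift
    # 'ssh -O check' exits non-zero when no master answers on the socket.
    if ! "$SSH" -O check -o ControlPath="$(cm_path)" "$host" 2>/dev/null; then
        cm_start "$host" || return 1
    fi
    # ControlMaster=no: this ssh is only ever a client of the shared
    # connection, so it exits as soon as its own command finishes.
    "$SSH" -o ControlMaster=no -o ControlPath="$(cm_path)" "$host" "$@"
}
```

The master outlives its `sleep` for as long as other sessions are still using it, so the lifetime only bounds how long an idle master lingers.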

Written on 09 August 2009.

Last modified: Sun Aug 9 01:42:46 2009