A little gotcha with SSH connection sharing
I've written before about SSH connection sharing (and how I use it), but I should mention that there is one little obscure gotcha with it. The one gotcha is that all sessions inherit at least one thing from the initial session, instead of setting it up from scratch.
Specifically, X forwarding is only set from the initial session. All ssh sessions over the shared connection channel will use the X forwarding set up for the initial session and thus talk to whatever X display it was connected to, regardless of what their own $DISPLAY is set to (and even if it's not set to anything). If the initial session had no X forwarding (perhaps because it was started outside of X), then no subsequent session will have it.
This is not the case for port forwarding, where a subsequent session can
set up a new port forwarding. It's also not the case for the various
environment variables that SSH normally propagates to the server; you
can have different settings for things like
different sessions over the same shared connection.
(I don't know what happens with ssh agent forwarding; I don't have a test environment because I don't use a ssh agent or agent forwarding myself.)
Now, I will admit that this is an obscure gotcha; most people will never run into it because they won't be using the client machine with different $DISPLAY settings at the same time. I'm peculiar this way because I sometimes wind up logged on to my office workstation from home at the same time as my regular office environment is running (complete with its ssh connection sharing).
Sidebar: workarounds and solutions
The real solution is that the ssh
ControlPath setting should have a
substitution for the local $DISPLAY value; you could then make and find
control sockets that were specific to the $DISPLAY (or lack thereof)
that the initial master session supported.
My original hack solution was to use an uncommon variant of the hostname of the target servers in the script where I was setting up and using shared connections. Then when I ssh'd to the host by hand I'd naturally use the common hostname and thus not find the shared connection. This had the drawback that I'm not using the shared connection if I ssh to the host by hand from inside my regular office environment, even though I could and it would be more efficient.
My current solution is a cover script for
ssh that checks to see
if $DISPLAY is set and if it isn't, forces '
ControlPath none' to
effectively turn off shared connections. This is not completely ideal or
correct, but solves all of the immediate problems.
(In retrospect, a better but more complex solution would be to use a
cover script to set
ControlPath to something where I manually included
the value of $DISPLAY.)
Comments on this page:Written on 26 June 2012.