Skip to content

Multiplexing

CCI requires a DUO authentication with each new connection, ruling out standard public-key authentication methods for remote access. When access to CCI systems repeatedly through SSH, including terminal access, SCP, or remote filesystem mounting is required, it can be a hassle to need to authenticate with DUO and password every time. It is possible, however, to establish a consistent connection to a host (such as a landing pad) and any SSH based communication directed to that host will be routed through the existing connection, rather than opening a new one. This is called SSH multiplexing.

SSH can be configured on your device so that when a connection is established to a specific named host, a control socket is created. Any subsequent connections to that specific named host will be directed over that existing control socket if it exists.

This control socket can be configured so that it remains active for a specified time (or indefinitely) even after multiplexed sessions are closed. This means that you could create an SSH connection with a landing pad, authenticate, disconnect, and reconnect without needing to enter your DUO and password a second time.

Setup

To begin, create a file named "config" in your ~/.ssh directory.

  • Host: Your nickname for SSH target (Can be anything)
  • HostName: Target for SSH connection
  • User: Your CCI username
  • ControlMaster: The main option that enables SSH multiplexing, setting it to auto will enable future connections to the same host without prompting that this is intended.
  • ControlPath: Specifies where and how the control socket will be created. In this example, we give it format placeholders for the hostname (%h), port of access (%p), and username (%r); these placeholders will be populated when the control socket file is created.
  • ControlPersist: Configures how long the socket will remain open after the last SSH connection is severed.

Example config file

Host cci01
        HostName blp01.ccni.rpi.edu        
        User EXPLname
        ControlMaster auto
        ControlPath ~/.ssh/control:%h:%p:%r
        ControlPersist 4h

Host cci02
        HostName blp02.ccni.rpi.edu        
        User EXPLname
        ControlMaster auto
        ControlPath ~/.ssh/control:%h:%p:%r
        ControlPersist 4h

Host cci03
        HostName blp03.ccni.rpi.edu        
        User EXPLname
        ControlMaster auto
        ControlPath ~/.ssh/control:%h:%p:%r
        ControlPersist 4h

Host cci04
        HostName blp04.ccni.rpi.edu        
        User EXPLname
        ControlMaster auto
        ControlPath ~/.ssh/control:%h:%p:%r
        ControlPersist 4h

Usage

Now, run:

ssh cci01

It should prompt for your DUO and Password. Upon successful connection, the a control socket will exist in the ~/.ssh/ directory on the user's local machine. Specifically in this example, the control socket will be a named file control:blp01.ccni.rpi.edu:22:EXPLname.

After successfully connecting, you'll have a shell on a landing pad node. You can exit the shell, and then reconnect within a 4 hour time window and not need to re-authenticate.

  • Changing the ControlPersist option to yes or 0 and the socket will cause the socket remain open indefinitely.
  • Deleting this file will close the socket, requiring re-authentication when connecting again.

This method will also work with SCP.

However, things that sever connections could interrupt the socket and require premature re-authentication such as connecting to a VPN, loss of internet connection, changing networks, random hiccups/broken pipes, etc.