Search Docs by Keyword

Table of Contents

Using SSH ControlMaster for Single Sign-On

OpenSSH has an option called ControlMaster that enables the sharing of multiple sessions over a single network connection. This means that you can connect to the cluster once, enter your password and verification code, and have all other subsequent ssh sessions (including svn, rsync, etc. that run over ssh) piggy-back off the initial connection without need for re-authentication. You can specify such options each time on the command line, but it’s easiest if you put it in your ssh client configuration file so that it applies every time.

Note that all port forwarding, including X display forwarding, must be setup by the initial connection and cannot be changed. For example, if you set up a master connection when sitting at your desktop, and then later ssh to the desktop itself and use that cannon connection, X programs that you run will open on the desktop’s display, not the display of the computer you’re now connecting to the desktop from. Likewise, if you forget to use -X on the initial connection, you will not be able to open X programs on subsequent connections.


On your Mac or linux desktop or laptop, create a text file ~/.ssh/config with, for example, the following contents:

Host cannon
User myusername
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p

where myusername is replaced appropriately.

This sets things up so that whenever you ssh to the host nickname cannon: ssh cannon

It will look for the special file (a socket) in your ~/.ssh/ directory that is maintaining a connection to the cluster. If it already exists and is open, it’ll use it to create a connection without re-authenticating; if it doesn’t exist, it’ll authenticate and create the file for subsequent use.
Note that all subsequent connections are dependent on the initial connection — if you exit or kill the initial connection all other ones die, too. This can obviously be annoying if it happens accidentally. It’s easily avoided by setting up a master connection in the background:

ssh -CX -o ServerAliveInterval=30 -fN cannon

The -fN make it go into the background and sit idle, after authenticating. (C for compression,Y for X forwarding, and -o ServerAliveInterval=30 to prevent dropped connections have nothing to do with the ControlMaster but are almost always helpful.)


The PuTTY client for Windows also allows a ControlMaster setting under ‘Connection’ → ‘SSH’ → ‘Share SSH connections if possible’

putty panel

One can also prevent dropped connections under ‘Connection’ → ‘Seconds between keepalives’


Bookmarkable Section Links

© The President and Fellows of Harvard College
Except where otherwise noted, this content is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license.