Connection Reuse in Secure Shell Sessions
Connection reuse enables additional Secure Shell sessions to be added to an already established Secure Shell connection. A simple analogy for this is a fiber optic cable, in which the outside pipe represents the connection, through which the various fiber-optic strands (the sessions and tunnels) are routed. The additional sessions can be new terminal sessions, new SFTP file transfer sessions, forwarded X11 connections, any communications configured for port forwarding through the SSH tunnel, or any connection established using one of the Secure Shell command line utilities.
When you reuse an established Secure Shell connection, you don't need to repeat the authentication process. The new session always uses all the Secure Shell settings configured for the initial connection. Any differences in authentication methods, cipher or MAC settings, or port forward definitions are ignored.
Connection reuse is enabled by default for all Secure Shell connections from the user interface. You can disable this feature by clearing the Reuse existing connection if available check box on the General section of the Secure Shell Settings dialog box.
After you have established a connection in which Reuse existing connection if available is enabled, subsequent Secure Shell sessions reuse the established connection if all of the following conditions are true:
- The host name in the new session must exactly match the host name in the established connection.
- The user name in the new session must exactly match the user name in the established connection.
- The port number in the new session must be the same as the port number in the established connection. (This condition will be true by default.)
- If the original session is configured to use an SSH configuration scheme that is different from the host name, the new session must be configured to use the same scheme.
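The following Python model is an added illustration, not part of the product or its documentation: it applies the four matching conditions above to a list of session definitions and reports which sessions would reuse an earlier connection and which of their own cipher, MAC or authentication settings would therefore be ignored. The Session fields, the sample hosts and values, and the reading of "exactly match" as case-sensitive string equality are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    name: str
    host: str
    user: str
    port: int = 22
    scheme: str = ""              # empty: the scheme defaults to the host name
    cipher: str = "aes256-ctr"
    mac: str = "hmac-sha2-256"
    auth: str = "publickey"

    def reuse_key(self):
        # The four matching conditions listed above. Comparison is assumed
        # to be exact, so "build01" and "build01.example.test" differ.
        return (self.host, self.user, self.port, self.scheme or self.host)

def audit(sessions):
    """Return (reusing, original, ignored_settings) for every session that
    would ride on an earlier connection, taking sessions in launch order."""
    established = {}
    findings = []
    for s in sessions:
        first = established.setdefault(s.reuse_key(), s)
        if first is s:
            continue  # this session opens the connection and authenticates
        ignored = [f for f in ("cipher", "mac", "auth")
                   if getattr(s, f) != getattr(first, f)]
        findings.append((s.name, first.name, ignored))
    return findings

# Constructed sample sessions (not from the original page).
SAMPLE = [
    Session("terminal", "build01", "deploy", cipher="aes128-cbc", mac="hmac-sha1"),
    Session("sftp-hardened", "build01", "deploy"),
    Session("sftp-fqdn", "build01.example.test", "deploy"),
    Session("admin", "build01", "root"),
    Session("sftp-scheme", "build01", "deploy", scheme="hardened"),
]

if __name__ == "__main__":
    for name, first, ignored in audit(SAMPLE):
        print(f"{name} reuses {first}; ignored settings: {ignored or 'none'}")
```

In the sample, the session with the stronger cipher and MAC ends up running over the weaker settings of the first connection, while the sessions that differ in host name, user name or scheme each open and authenticate a connection of their own.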
If you are using command line utilities to make SSH connections, additional conditions must be met in order to reuse existing connections. These are outlined below.
Connection Reuse in Command Line Sessions
Connection reuse is useful for command line operations in which Secure Shell connections are required, numerous small operations are needed between a client and a single server, and the authentication and key exchange time interval is a significant part of the total connection time. This would be the case if you need to transfer multiple small files, or execute simple operating system commands that do not result in large quantities of returned output. In these cases it might be advantageous to create the original SSH connection using the ssh (or ssh2) command line utility, and then reuse the connection with subsequent command line utility operations.
By default, connection reuse is disabled for the Secure Shell client command line utilities: ssh, scp, sftp, scp2, and sftp2. To enable connection reuse with any of these command line utilities, you must use one of the following techniques.
- Add the switch "-o ConnectionReuse=yes" to each command line. You must use this switch when you establish the initial connection, and in all subsequent command lines that you want to reuse the initial connection. For example, with the following commands, the sftp connection will reuse the connection established by the ssh command.
    ssh "-o connectionReuse=yes" myuser@myhost
    sftp "-o connectionReuse=yes" myuser@myhost
- In the DOS command window (or at the beginning of a batch script file), set the environment variable SSHConnectionReUse as shown here:
If conflicting settings are present, the -o switch takes precedence.
- OpenSSH servers support a MaxStartups parameter that can be used to limit the number of concurrent unauthenticated sessions. This setting will affect the number of sessions you can establish that reuse an existing connection. When you have reached the maximum number of sessions specified in the MaxStartups parameter, all subsequent sessions will require a separate SSH connection with authentication. Contact your SSH server administrator if you need to establish more concurrent unauthenticated sessions than are currently allowed.
- Command line utilities cannot be configured for connection reuse in the Secure Shell configuration file. The ConnectionReuse keyword in this file is always ignored by the Secure Shell command line utilities, even when the -H switch is used to specify an SSH configuration scheme that includes this setting.