[openssl-users] Best way to combine ControlPersist and ProxyCommand?

David Coppit david at coppit.org
Fri Sep 11 21:49:26 UTC 2015

Hi all,

What's the best way to set up a persistent master connection, along with a
proxy jump host? Ideally the persistent master would speed up connections
to machines behind the proxy, not just the connection to the proxy.

Is this okay?

Host jumpbox
    User           jumpboxuser
    IdentityFile   jumpbox_key
    ControlMaster  auto
    ControlPath    ~/.ssh/controlmaster-%r@%h:%p
    ControlPersist 5m

Host internal1 internal2 internal3 internal4
    User           internaluser
    IdentityFile   internal_key
    ProxyCommand   ssh -W %h:%p -F ssh.config jumpbox
    ControlMaster  auto
    ControlPath    ~/.ssh/controlmaster-%r@%h:%p
    ControlPersist 5m

I was worried that the internal[1234] controlmaster connections would be
multiplexed through the jumpbox one, but I stopped the jumpbox master with
"-O stop", verified that the socket file was gone, and the internal[1234]
controlmaster connections seemed to keep working.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150911/2d2911eb/attachment.html>

More information about the openssl-users mailing list