27

I am using OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 with Mac OS X Snow Leopard. I have ControlMaster feature configured to maintain persistent connections. My ~/.ssh/config have the following:

Host *
  ControlPath /ms/%r@%h:%p
  ControlMaster auto
  ControlPersist 4h

Host *.unfuddle.com
  ControlMaster no

However, from what I see - even when I am trying to use SSH for unfuddle.com hosts, master connection get always created:

[andrey-mbp ~]$ ssh -v git@droolit.unfuddle.com
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/akhkharu/.ssh/config
debug1: /Users/akhkharu/.ssh/config line 1: Applying options for *
debug1: /Users/akhkharu/.ssh/config line 6: Applying options for *.unfuddle.com
debug1: Reading configuration data /usr/local/Cellar/openssh/5.9p1/etc/ssh_config
debug1: auto-mux: Trying existing master
debug1: Control socket "/ms/git@droolit.unfuddle.com:22" does not exist
debug1: Connecting to droolit.unfuddle.com [174.129.5.196] port 22.
debug1: Connection established.
debug1: identity file /Users/akhkharu/.ssh/id_rsa type 1
debug1: identity file /Users/akhkharu/.ssh/id_rsa-cert type -1
debug1: identity file /Users/akhkharu/.ssh/id_dsa type 2
debug1: identity file /Users/akhkharu/.ssh/id_dsa-cert type -1
debug1: identity file /Users/akhkharu/.ssh/id_ecdsa type -1
debug1: identity file /Users/akhkharu/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA a6:74:33:36:95:31:6e:a6:d7:71:87:b8:3c:38:e2:60
debug1: Host 'droolit.unfuddle.com' is known and matches the RSA host key.
debug1: Found key in /Users/akhkharu/.ssh/known_hosts:390
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/akhkharu/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to droolit.unfuddle.com ([174.129.5.196]:22).
debug1: setting up multiplex master socket
debug1: channel 0: new [/ms/git@droolit.unfuddle.com:22]
debug1: control_persist_detach: backgrounding master process
debug1: forking to background
debug1: Entering interactive session.
debug1: multiplexing control connection
debug1: channel 1: new [mux-control]
debug1: channel 2: new [client-session]
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: mux_client_request_session: master session id: 2
PTY allocation request failed
Need SSH_ORIGINAL_COMMAND
debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
debug1: client_input_channel_req: channel 2 rtype eow@openssh.com reply 0
debug1: channel 2: free: client-session, nchannels 3
debug1: channel 1: free: mux-control, nchannels 2
Shared connection to droolit.unfuddle.com closed.

[andrey-mbp ~]$ ll /ms/
total 0
srw-------  1 akhkharu  admin     0B Jul 17 11:55 git@droolit.unfuddle.com:22

Thanks,
Andrey.

Andrey Chernih
  • 383
  • 1
  • 3
  • 6

3 Answers3

27

Your * host stanza is catching it. Put more specific host stanzas earlier.

Ignacio Vazquez-Abrams
  • 45,939
  • 6
  • 79
  • 84
  • Thanks, but that would not work for me. I need ControlMaster enabled for all hosts, but not for unfuddle.com. I can not list all hosts I use in config file. What seems to be working is placing the rule for unfuddle.com at the very beginning. – Andrey Chernih Jul 17 '12 at 12:50
  • 11
    You mean... when you put the more specific host stanza earlier? – Ignacio Vazquez-Abrams Jul 17 '12 at 12:52
  • Yeah, it's strange, but it works. – Andrey Chernih Jul 17 '12 at 14:44
  • I had been searching the manpages for ages, but it's a strange priority thing! – JanKanis Nov 27 '12 at 17:32
  • 2
    I'm afraid I'll wonder until my dying day if Andrey ever caught on to the fact that this answer is correct, and that the comment he agreed with points that out. – vastlysuperiorman May 03 '17 at 14:46
  • This answer might be improved by explaining *why* it works: ssh takes the first variable assignment it sees and ignores the rest. Thus more specific patterns go first in the file, where they will override latter assignments. – Quantum7 Feb 12 '20 at 13:32
19

As described in the answer to my similar question on SuperUser, you can use the "bang" syntax to exclude specific hosts from the original Host * stanza, like this:

Host * !*.unfuddle.com
    ControlPath /ms/%r@%h:%p
    ControlMaster auto
    ControlPersist 4h

In my situation, I found that the order of the Host sections when using a Host * seemed to be irrelevant, but the above method always works.

Community
  • 1
Scott Dudley
  • 341
  • 3
  • 5
11

For me it works when I additionally set ControlPath to none within the host stanza.

You can try:

Host *.unfuddle.com   
    ControlMaster no
    ControlPath none

Then no control session will be generated.

Adrian Frühwirth
  • 376
  • 5
  • 16
Tim Weippert
  • 111
  • 1
  • 3
  • In my case I had to do this plus put the `Host *` section at the end of the file and it worked. – a3nm Jun 22 '17 at 09:40