When using 'ControlMaster auto', openssh will automatically create a 'control socket' when one doesn't already exist, and multiplex multiple sessions over a single authenticated connection.

The control socket is a UNIX socket which resides in the file system. It's supposed to be cleaned up automatically by the 'master' process when it exits, but that isn't always possible. A system crash or reboot, for example, may often leave stale sockets lying around.

OpenSSH does not cope with this situation; the existence of a stale socket will prevent it from using multiplexing for ever more:

$ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password:
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
$ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password:
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
$ rm /home/dwmw2/.ssh/sockets/mercury-22-dwmw2
$ ssh mercury whoami
dwmw2@mercury's password:
dwmw2
$ ssh mercury whoami
dwmw2
This is https://bugzilla.mindrot.org/show_bug.cgi?id=1329
Created attachment 500048
fix problem by automatically removing stale control sockets
There is still one question: https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c1

This may harm openssh's behavior dramatically.
No. I replied to that in https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c6

You *only* get -ECONNREFUSED if there really isn't anything listening. If there is an existing socket which is backlogged, you'll eventually get -EAGAIN after a timeout. (On Linux, at least; I haven't checked other systems but see no reason why it should be different).

Besides, if there's an existing socket that isn't responding to connections, surely the best option is to remove it and create a new one?

I suppose that observation applies best in the 'ControlMaster auto' case, so we could make the unlink happen automatically *only* if it would be automatically recreated? I'll provide an updated patch to do that.
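The check discussed in the comment above, as an added example (not the patch attached to this bug and not OpenSSH code): probe a control socket path and unlink it only when connect() fails with ECONNREFUSED, leaving it alone on success or on any other error. The names `probe_control_socket`, `fill_addr` and the `CTL_*` states are hypothetical, and Linux behaviour is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum ctl_state { CTL_ABSENT, CTL_LIVE, CTL_STALE_REMOVED, CTL_OTHER };

/* Fill a sockaddr_un for path; returns -1 if the path does not fit. */
int fill_addr(struct sockaddr_un *sa, const char *path)
{
    if (strlen(path) >= sizeof(sa->sun_path))
        return -1;
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    strcpy(sa->sun_path, path);
    return 0;
}

/* Unlink path only on ECONNREFUSED: the file exists, nothing listens on it. */
enum ctl_state probe_control_socket(const char *path)
{
    struct sockaddr_un sa;
    enum ctl_state st = CTL_OTHER;  /* EAGAIN, EACCES, ...: leave the file alone */
    int fd;
    if (fill_addr(&sa, path) < 0 || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return CTL_OTHER;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        st = CTL_LIVE;              /* a master answered: keep the socket */
    else if (errno == ENOENT)
        st = CTL_ABSENT;
    else if (errno == ECONNREFUSED && unlink(path) == 0)
        st = CTL_STALE_REMOVED;
    close(fd);
    return st;
}

/* Usage: ./probe /path/to/control-socket */
int main(int argc, char **argv)
{
    static const char *names[] = { "absent", "live", "stale, removed", "left alone" };
    if (argc != 2) {
        fprintf(stderr, "usage: %s <control-socket-path>\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", argv[1], names[probe_control_socket(argv[1])]);
    return 0;
}
```

The connect() and the unlink() are two separate steps, so another process could bind the same path in between. Keeping the socket directory writable only by its owner limits that window to the user's own ssh processes.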
experimentally added to rawhide