ControlPath versus ProxyCommand

Cameron Simpson cs at
Fri Nov 3 13:23:45 AEDT 2017

On 03Nov2017 13:07, Damien Miller <djm at> wrote:
>On Fri, 3 Nov 2017, Cameron Simpson wrote:
>> TL;DR: I expect ProxyCommand to have effect in preference to
>> ControlPath.
>> On reflection, of course these are distinct options and that side of
>> things isn't, of itself, a bug. However, is there a sane use case for
>> using ControlMaster/ControlPath at all if there is a ProxyCommand? I
>> would have thought not. [...]
>They are quite othorgonal features, but the whole point of multiplexing
>is to avoid the need to make additonal connections. So it's quite
>logical that ssh checks ControlPath for an active mux master before
>attempting a new connection (that may use ProxyCommand).
>There's little point to specifying ControlMaster=no and a ProxyCommand
>because there is no fallback to making a new connection in that case,
>but ControlMaster=yes/auto/autoask with ProxyCommand is quite sensible:
>"try to use multiplexing but if you have to open a new connection then
>do it via this proxy".

Ah, now the rationale is apparent. Ok, that makes sense to me. Thank you.

>>  ProxyCommand ssh MAIN nc 7777
>If your ssh client is new enough, you should try ssh -J / JumpHost instead.

I give this particular script to others, so that may not be feasible yet. But I 
saw that option arrive and intend to make us of it. Nice! I discovered -G too 
recently, very useful to me. Not least for autorestarting persistent tunnels 
when I modify a config file (I use the output as a signature string).

Cameron Simpson <cs at> (formerly cs at

More information about the openssh-unix-dev mailing list