Whenever I want to do something that involves making an ssh connection to ComptueCanada such as doing an rsync copy, I have to manually authenticate the connection using their proprietary 2FA method. It adds an unnecessary step to my workflow when using their servers. It’s even worse for tools like Emacs’s TRAMP-mode that assume a sane ssh connection. In the case of TRAMP, it flat out errors out when it sees the 2FA prompt.
I would’ve preferred using more common 2FA methods like Timed-One-Time-Password (TOTP), which are well-known among users and are far more accessible. With TOTP, you could use apps like Google Authenticator to get two factor authentication.

Fortunately, there is a way to fix this. You can create a single shared ssh connection, and then, multiplex all other subsequent ssh connections through it. Upside is you only have to do the authentication once, downside is you’ll have to kill the ssh connection manually if the ssh connection hangs or if you change networks. Although, you normally wouldn’t need to kill the multiplexer process by hand. It exits by itself after some time when you logout.

Here’s how to do it assuming you have your ssh config file as ~/.ssh/config, and in it, there’s a Host definition for some ssh endpoint which resembles something like this:

1
2
3
4
5
Host beluga-cc
  Hostname beluga.alliancecan.ca
  User X
  IdentityFile ~/.ssh/path_to_key
  IdentitiesOnly yes

You’d want to add

1
2
3
  ControlMaster auto
  ControlPersist yes
  ControlPath ~/.ssh/control/%C

to it. Line 3 states that the ssh client will create a file corresponding to the established connection in ~/.ssh/control/.

In order to kill the connection,

  1. Find the PID of the muxing process:
1
2
$ ps aux | grep ssh | grep mux
1337
  1. Kill the connection is by sending kill signal to it, like this:
1
$ kill -9 1337 # put PID number here instead of `1337`

Here’s a oneliner that takes care of everything, assuming you have fzf installed:

1
$ kill -9 $(ps aux | grep ssh | grep mux | fzf | awk '{print $2}')