June 11th, 2006

  • evan

ssh multiplexing revisited

A year and a half ago I asked about ssh's multiplexing-related features. Today I thought to look for more information about this again. It still seems underdocumented.

But what I've figured out is that OpenSSH 4.2 now allows "opportunistic multiplexing". If you have ControlMaster auto and a ControlPath ... set up in your ~/.ssh/config, the first time you connect to a host it creates and leaves open a (UNIX domain) socket that subsequent ssh's to the same host will use. This makes these connections come up much more quickly. (Here's more info.)

However, what I think I really want is something that actually leaves the master connection open for a few seconds after I log out. Then, stuff that does a series of sftp's or commands executed via ssh will be able to effectively pass the open connection along in between them, instead of opening up and tearing it down repeatedly like they currently do. (In particular, I'm thinking of arch/darcs over ssh.) I suppose that's what fsh is for, though...
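A sketch of the setup described above, as an added example that is not from the original post: it keeps the control sockets in a private directory, since ssh_config(5) recommends a ControlPath directory that other users cannot write to. The `cm` directory name, the `%r@%h:%p` socket pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example: opportunistic multiplexing with control sockets kept in a
# private directory. The "cm" directory and the socket name pattern are
# assumptions, not values from the post.

# Succeeds only if the directory exists, is owned by the current user,
# and is not writable by group or other.
mux_dir_is_private() {
    d=$1
    [ -d "$d" ] && [ -O "$d" ] || return 1
    # POSIX find: print the directory itself if it is group- or other-writable.
    loose=$(find "$d" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# Create <sshdir>/cm with mode 0700, verify it, and print the config stanza.
# %r, %h and %p expand to remote user, host and port, so each
# user/host/port combination gets its own socket.
mux_stanza() {
    sshdir=$1
    mkdir -p "$sshdir/cm" && chmod 700 "$sshdir/cm" || return 1
    mux_dir_is_private "$sshdir/cm" || return 1
    cat <<EOF
Host *
    ControlMaster auto
    ControlPath $sshdir/cm/%r@%h:%p
EOF
}

# Usage: mux_stanza "$HOME/.ssh" >> "$HOME/.ssh/config"
```

Once a connection is up, `ssh -O check host` reports whether a master is running for that host.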

cryptography is depressing

Cache Attacks and Countermeasures: the Case of AES:
We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. [...] experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions (in the latter case, the full key can be recovered after just 800 writes to the partition, taking 65 milliseconds).
(Previously [heh, tags eventually came, but not as we had hoped].)