diff --git a/bundles/ssh/files/ssh_config b/bundles/ssh/files/ssh_config index 30cb19b..204800a 100644 --- a/bundles/ssh/files/ssh_config +++ b/bundles/ssh/files/ssh_config @@ -4,7 +4,8 @@ Host * GSSAPIAuthentication yes StrictHostKeyChecking yes GlobalKnownHostsFile /etc/ssh/ssh_known_hosts - # fixme: prevents backup server from sleeping - # ControlMaster auto - # ControlPath ~/.ssh/multiplex-%C - # ControlPersist 5m + +Host ${' '.join(sorted(multiplex_hosts))} + ControlMaster auto + ControlPath ~/.ssh/multiplex-%C + ControlPersist 5m diff --git a/bundles/ssh/items.py b/bundles/ssh/items.py index 12cfcb2..bbaec64 100644 --- a/bundles/ssh/items.py +++ b/bundles/ssh/items.py @@ -1,3 +1,6 @@ +from ipaddress import ip_interface + + # on debian bullseye raspberry images, starting the systemd ssh # daemon seems to collide with an existing sysv daemon dont_touch_sshd = node.metadata.get('FIXME_dont_touch_sshd', False) @@ -24,6 +27,13 @@ files = { '/etc/ssh/ssh_config': { 'content_type': 'mako', 'context': { + 'multiplex_hosts': set( + str(ip_interface(other_node.metadata.get('network/internal/ipv4')).ip) + for other_node in repo.nodes + if other_node.has_bundle('ssh') + and other_node.metadata.get('network/internal/ipv4', None) + and other_node.metadata.get('ssh/multiplex_incoming') + ), }, 'triggers': [ 'svc_systemd:ssh:restart' diff --git a/bundles/ssh/metadata.py b/bundles/ssh/metadata.py index fcd2711..3436080 100644 --- a/bundles/ssh/metadata.py +++ b/bundles/ssh/metadata.py @@ -1,6 +1,12 @@ from ipaddress import ip_interface from base64 import b64decode +defaults = { + 'ssh': { + 'multiplex_incoming': True, + }, +} + @metadata_reactor.provides( 'ssh/allow_users', diff --git a/nodes/home.backups.py b/nodes/home.backups.py index eb4fb7f..f804828 100644 --- a/nodes/home.backups.py +++ b/nodes/home.backups.py @@ -38,6 +38,10 @@ # 'apm': 1, # }, # }, + 'ssh': { + # multipling prevents server from sleeping + 'multiplex_incoming': False, + }, 'wol-sleeper': { 'network': 'internal', 'waker': 'home.server',