OpenSSH disable ControlMaster for given hostname
I am using OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 with Mac OS X Snow Leopard. I have the ControlMaster feature configured to maintain persistent connections. My ~/.ssh/config has the following:
    Host *
        ControlPath /ms/%r@%h:%p
        ControlMaster auto
        ControlPersist 4h

    Host *.unfuddle.com
        ControlMaster no
However, from what I see, even when I am trying to use SSH for unfuddle.com hosts, a master connection always gets created:
    [andrey-mbp ~]$ ssh -v [email protected]
    OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
    debug1: Reading configuration data /Users/akhkharu/.ssh/config
    debug1: /Users/akhkharu/.ssh/config line 1: Applying options for *
    debug1: /Users/akhkharu/.ssh/config line 6: Applying options for *.unfuddle.com
    debug1: Reading configuration data /usr/local/Cellar/openssh/5.9p1/etc/ssh_config
    debug1: auto-mux: Trying existing master
    debug1: Control socket "/ms/[email protected]:22" does not exist
    debug1: Connecting to droolit.unfuddle.com [174.129.5.196] port 22.
    debug1: Connection established.
    debug1: identity file /Users/akhkharu/.ssh/id_rsa type 1
    debug1: identity file /Users/akhkharu/.ssh/id_rsa-cert type -1
    debug1: identity file /Users/akhkharu/.ssh/id_dsa type 2
    debug1: identity file /Users/akhkharu/.ssh/id_dsa-cert type -1
    debug1: identity file /Users/akhkharu/.ssh/id_ecdsa type -1
    debug1: identity file /Users/akhkharu/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
    debug1: match: OpenSSH_5.8 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: RSA a6:74:33:36:95:31:6e:a6:d7:71:87:b8:3c:38:e2:60
    debug1: Host 'droolit.unfuddle.com' is known and matches the RSA host key.
    debug1: Found key in /Users/akhkharu/.ssh/known_hosts:390
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/akhkharu/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 277
    debug1: Authentication succeeded (publickey).
    Authenticated to droolit.unfuddle.com ([174.129.5.196]:22).
    debug1: setting up multiplex master socket
    debug1: channel 0: new [/ms/[email protected]:22]
    debug1: control_persist_detach: backgrounding master process
    debug1: forking to background
    debug1: Entering interactive session.
    debug1: multiplexing control connection
    debug1: channel 1: new [mux-control]
    debug1: channel 2: new [client-session]
    debug1: Remote: Forced command.
    debug1: Remote: Port forwarding disabled.
    debug1: Remote: X11 forwarding disabled.
    debug1: Remote: Agent forwarding disabled.
    debug1: Remote: Pty allocation disabled.
    debug1: Remote: Forced command.
    debug1: Remote: Port forwarding disabled.
    debug1: Remote: X11 forwarding disabled.
    debug1: Remote: Agent forwarding disabled.
    debug1: Remote: Pty allocation disabled.
    debug1: mux_client_request_session: master session id: 2
    PTY allocation request failed
    Need SSH_ORIGINAL_COMMAND
    debug1: client_input_channel_req: channel 2 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 2 rtype [email protected] reply 0
    debug1: channel 2: free: client-session, nchannels 3
    debug1: channel 1: free: mux-control, nchannels 2
    Shared connection to droolit.unfuddle.com closed.

    [andrey-mbp ~]$ ll /ms/
    total 0
    srw------- 1 akhkharu admin 0B Jul 17 11:55 [email protected]:22
Thanks,
Andrey.
Your * host stanza is catching it. Put more specific host stanzas earlier.
As described in the answer to my similar question on SuperUser, you can use the "bang" syntax to exclude specific hosts from the original Host * stanza, like this:
    Host * !*.unfuddle.com
        ControlPath /ms/%r@%h:%p
        ControlMaster auto
        ControlPersist 4h
In my situation, I found that the order of the Host sections when using a Host * seemed to be irrelevant, but the above method always works.
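The rule at work in this thread is from ssh_config(5): for each parameter the first obtained value is used, and a matching negated pattern on a Host line excludes that block. The following is an added example, not code from the thread or from OpenSSH; it is a simplified model (no Match, Include, quoting or key=value forms) that resolves ControlMaster for the three layouts discussed, with example.org as a constructed second host.

```python
from fnmatch import fnmatchcase

def host_matches(patterns, host):
    """Host-line rule from ssh_config(5): a matching negated pattern vetoes
    the block; otherwise at least one positive pattern must match."""
    host, matched = host.lower(), False
    for pat in (p.lower() for p in patterns):
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):
            matched = True
    return matched

def resolve(config_text, host):
    """Effective options for host; the first value obtained for a key wins."""
    effective, active = {}, True  # lines before any Host apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            effective.setdefault(key, value)  # later duplicates are ignored
    return effective

# The three layouts from the thread, rebuilt from the options on the page.
MUX = "ControlPath /ms/%r@%h:%p\nControlMaster auto\nControlPersist 4h\n"
ORIGINAL = "Host *\n" + MUX + "Host *.unfuddle.com\nControlMaster no\n"
REORDERED = "Host *.unfuddle.com\nControlMaster no\nHost *\n" + MUX
NEGATED = "Host * !*.unfuddle.com\n" + MUX

if __name__ == "__main__":
    layouts = [("original", ORIGINAL), ("reordered", REORDERED), ("negated", NEGATED)]
    for name, cfg in layouts:
        for h in ("droolit.unfuddle.com", "example.org"):  # example.org: constructed
            print(name, h, resolve(cfg, h).get("controlmaster", "(unset, default no)"))
```

In the reordered layout the unfuddle host still inherits ControlPath and ControlPersist from Host *, while in the negated layout it inherits none of the multiplexing options.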