 Alright, thanks for listening. As many of those close to me already know, I love Git almost to a fork at running pretty much everything on Git. Apart from regular software engineering related tasks like storing source code, configuration, to ticket tracking, finances, audit trails, personal weight gain and weight loss in also storing Git. And I'm also guilty of storing an entire snapshot of databases in Git, complete with branching and tags. That's a story for another day. I'm not doing it anymore. Anyway, in the course of using Git for almost everything, I realized a large amount of Git commands also happen to be executed over SSH. So this is mostly a talk about running any command over SSH, not just about Git. The problem with running commands remotely is often the very, very first initiation of the connection takes a while. Sometimes it takes up to four seconds. Imagine you're coding furiously and you are typed to push every commit that you make. Your productivity will be affected waiting for the push to complete if you do not have your SSH set up to pre-connect. Each connection takes between four seconds. And in the case of my company, the company I work in, it takes up to 19 seconds to establish a single Git connection to GitHub, to internal GitHub. So the latency issue becomes worse if you are trying to connect to multiple different hosts. And there's also a typing delay if you are connected to a server. I'm sure you have experienced it before. As you type, you see your character slowly appearing in the terminal. Some of you may argue that you use T-Markz and Screen and you are bound by the same problem. So some basic optimization you can do with SSH. You must have a SSH configuration file. At the very, very least, you should have compression set to turn on. By default, compression level is set to six and it's the standard GZ value for compression level. Other things you can do is control master. Who here already have control master set in their local? Control master set in local? Nobody else have set it locally? Okay, you will be interested in this. So setting control master allows you to reuse your connection. Sharing of multiple sessions over a single network connection. So you can connect once and you can reuse the connection over and over again. So in order for control master to work, you need to have a socket path set, which appears on the second line, the control path. Control path follows a user host and a port name format. So if I have a connection, I can show you. So I have a connection currently set up locally and this is what it looks like. Based on the configuration you see on the screen there. It says Charlim at local host colon 22. That's a port number. When you have, if you try to look at the details of this file, you'll see that it has an as prefix, which means that it's a socket file. Okay, there you go. You can see here there is an as prefix, and only you and your user can read it. Nobody else can read it because this is actually, you can, you can hijack it. Control process sets how long you can keep the connection open for. In this case, I've set it up to run for four hours. If you have no activities within the next four hours, it will, it will just automatically disconnect itself. So this is useful because you can reuse the connection over and over again and you'll be able to save time. Other stuff that may help you in productivity is to have a short connect timeout. You don't want to try and connect to the internet when there's no internet and only to find out that 60 seconds later that you're not connected to the internet. The other stuff are just nice to have. You can try it out. Give you an example of how control master speed things up. If I run a, just a purely connection, a pure connection to, to GitHub, you can run, say SSH at github.com dash M basically tells it to not do anything, just establish connection and just disconnect. This job takes 2.89 seconds. On average, it's about three to four seconds. So on a good day, when DNS cache is working and stuff, it will just connect. Now, if you run it, if you run it for the first time and you have control master setup, the second time you run it, you reuse the same connection and you don't have to, you don't have to reestablish, you don't have to complete the handshake again. Now, in most servers, you will not see a 0.5 seconds additional delay. This is, I think this is something that GitHub set up to prevent people from brute force attack or time attack and that's why there's 0.5 seconds. Otherwise, you probably see something along the lines of 0.011 seconds. The cost to reestablish, reestablish connection is actually very cheap. So with this, you can push as often as you want and if you're always using GitHub, you will be a lot easier and faster. So that solves one problem. Let's keep typing delay and let's look at what we can do with multi-host jump. Often, have you ever had to jump SSH through more than one host to get to another host? The example here shows you how you are at home connected to the internet, but in order to get to host D, you have to connect through bastion and firewall. Firewall only allows connection from bastion and the bastion, the firewall server is the only server that can connect to host D. So what you need to do generally, you do something like this. You first log into bastion. The dash A is to imply a forwarding agent. Then when you're into bastion, you run the second command, which is SSH firewall. This is how you do jambos and the third one. Now, this kind of work. If your authorized keys are set up correctly on each server, you can just pass in the dash A and you can log straight in. So you can also chain these three commands into one line. You can alias this as a shell script or a shell alias and it will kind of work mostly. Another way to do this, and if you know that you're always going to access this bastion server, sorry, this host D server through the bastion and firewall, in exactly the same manner, over and over again, you can just write a configuration file that looks something like this where you declare bastion, you declare firewall with proxy command and the proxy command will establish a tunneling through the connecting intermediate host, allowing you to connect. So what this means is you can just run a single command that looks like this, SSH host D and host D will connect to the bastion server, sorry, connect to the firewall and the firewall will connect to bastion in order to get to your destination host. Okay, so again I was showing the same diagram again. Now this method may work but yuck, you, it's kind of ugly. It also prevents you from doing other stuff like if you want to push a file, you want to ask a file, you want to do something direct, you can do, you can run scpn asking directly. Wouldn't it be nice if you can run something like this? A single command SSH bastion plus firewall plus host D, it will automatically jump through one host after another. So if you run it locally like this, SSH will say no host found because it treats the entire string as a host. And to be honest, this was not my idea. This was something that I discovered on Gen 2 website and this is what it looks like. Oops, can someone, can we all see it back? So it looks like this, which is a fancy sub shell code set here and there and with NC command here. I mean it kind of works. It allows you to pass in a separate username and you can also have a different user at the end of the command. But it requires you to use a percent syntax instead of the add symbol and you can specify a different port number. That one works kind of well but yeah. The good thing about this is it allows you to use to do scp. So you can do scp host one plus host two. So not too bad, kind of work but this is a recipe for disaster. Sorry? The recipe for awesome, yes. So I created my own and this does the same thing, allows you to pass in user and you can also pass in different identity files if you need to. Now I wouldn't recommend you to replace this with your SSH command. It's always good to keep it separate. The P actually stands for prime but because it's originally started as a priming connection so you keep the connection open. And eventually it grew into a way to get into a super secure secret host that you have to go through busier and firewall. So this problem is solved. Let's see. The next thing that I want to address is typing delay. There's nothing you can really do with typing delay unless you construct your entire command locally and send it over SSH. So you type a command on SSH blah, dash t, seed in the command, run your git status and then it works. It's not very elegant. It kind of works. So if you notice here that these two information, the host information and the repository path is something that you can find in your git remote. So why not use the information you have in your git remote to help you push your git command. And again, something that I came out with, the ability to run remote git commands, sorry, git commands on a remote repo. It basically, as SSH servers, automatically seed into that and pass the commands in. So it's kind of helpful. You want to run, you want to push some repo. You don't want to run git hooks. You don't want to run hooks to automatically deploy your files. Especially if it's a local instance, you don't always want to make the hooks do things that you don't want it to do. So you can do git push remote, git SSH remote and git checkout relevant files that you want and run your stuff. In fact, you can directly perform scp command here and it will copy, it will take the same files you have remotely and vice versa so you can copy files from your local to a remote server. So yeah, that's it. That's all I have to share. A little bit of credit to these two links, SSH menu and Gen2 for the multi-hop stuff. Any questions? How would we set up your tool if you wanted to use it? As usual, there's no brews simple packaging install command available at the moment, but you can copy them to your local bin and access a path that is accessible from whichever is at your path. Is it just a shell script or does it have some dependencies? It's purely shell script. It has some dependencies, but it would tell you that, sorry? Did you set it in it? Is there a set in it? Yes, there will be set in it. If you're concerned about a GNU set versus BSE set, I think there is some smart detection inside to detect set differences. All right, thank you.