
A good trick to combine with this is ControlSockets: you can have multiple SSH/SCP connections over the same actual SSH connection. And starting a new SSH over the existing connection is much faster than the initial connection, particularly if you are on higher latency (e.g. from Australia at 250-400ms).

```
Host xyz
    HostName 1.2.3.4
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 600
```

Then if you SSH to the same host multiple times it will re-use the connection and it persists for 10 minutes after you disconnect.

If you are using a ProxyJump like the above post, this can speed up the initial ProxyJump connection, or you can just use it with normal SSH (which is what I do), and when I want to open multiple tabs to the same machine it's significantly faster.
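As an added example (not code from the comment above or from OpenSSH itself): a POSIX sh snippet that creates the socket directory used by that stanza with owner-only permissions, emits the stanza, and wraps `ssh -O check` / `ssh -O exit` for inspecting or closing a running master. The host alias and address are the comment's placeholders; the function names are my own.

```shell
# Create the ControlPath directory with mode 0700. Any local user who can
# connect to the socket file inherits the already-authenticated session
# without credentials, so the directory must be owner-only.
setup_socket_dir() {
    dir="$1"
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
}

# Return 0 if the directory is mode 0700 (drwx------). Parses ls -ld rather
# than stat so it behaves the same on GNU and BSD userland.
socket_dir_is_private() {
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "drwx------" ]
}

# Print a ControlMaster stanza for one host. %C is a hash of %l%h%p%r, which
# keeps the socket path short (AF_UNIX paths have a small length limit) and
# does not leak the user/host/port in the file name.
control_stanza() {
    host="$1"; addr="$2"; dir="$3"
    printf 'Host %s\n' "$host"
    printf '    HostName %s\n' "$addr"
    printf '    ControlMaster auto\n'
    printf '    ControlPath %s/%%C\n' "$dir"
    printf '    ControlPersist 600\n'   # master lingers 10 min after last session
}

# Talk to an existing master over its socket instead of opening a session.
# "check" reports whether a master is alive; "exit" closes it early instead
# of waiting for ControlPersist to expire. Not exercised offline.
master_status() { ssh -O check "$1"; }
master_close()  { ssh -O exit  "$1"; }

# Usage:
#   setup_socket_dir ~/.ssh/sockets
#   control_stanza xyz 1.2.3.4 ~/.ssh/sockets >> ~/.ssh/config
#   master_status xyz ; master_close xyz
```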



I've always wondered what this is useful for. So it's purely for performance?

Why is it faster to establish the connection? Does it re-use the authentication from the existing ControlMaster too, so you skip the handshake? Seems like it could be dangerous if you're not careful. I guess that's why you can configure it to use `ssh-askpass` for confirmation (which, btw, is missing on macOS these days).

The other neat-looking directive that I've never tried is `ProxyUseFdpass`, which tells OpenSSH to expect a file descriptor back from your `ProxyCommand` instead of using stdin/stdout. I'm not sure why it exists, but it feels like it could be a performance optimization. Particularly for `scp`. But I've never actually run into a performance problem using `ProxyCommand` so shrug?


I think it's purely for performance, but it does make a big difference. There are a lot of round trips to set up an SSH connection, and depending on the RTT to the server, that can feel like a real delay if there's another host in the connection. If you use a Proxy host for jumping, and it's got a better RTT to most servers you connect to, reusing the existing connection to it might actually make it feel like it connects faster than a direct connection from your workstation would.

e.g.

    $ ping -c 2 foo
    PING foo (a.b.c.d) 56(84) bytes of data.
    64 bytes from foo (a.b.c.d): icmp_seq=1 ttl=55 time=3.56 ms
    64 bytes from foo (a.b.c.d): icmp_seq=2 ttl=55 time=3.62 ms
    
    --- foo ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 3ms
    rtt min/avg/max/mdev = 3.564/3.594/3.624/0.030 ms
    $ time ssh root@foo "echo foo"
    foo
    
    real    0m0.650s
    user    0m0.062s
    sys     0m0.006s
Now if I add the following to .ssh/config:

    Host foo
        controlmaster auto
        controlpath ~/.ssh/ssh-%r@%h:%p
You can see how much faster it gets if I already have a connection to that server open:

    $ time ssh root@foo "echo foo"
    foo
    
    real    0m0.032s
    user    0m0.003s
    sys     0m0.004s


This is especially important in some cases where you have local shell wrappers around commands that execute on a remote server with SSH.

I do this for my email, for example, where the actual programs for dealing with my email sits on a server, but on each host I have shell scripts with the same name as the original program, except all they do is SSH to the server and run the actual program there. When navigating a GUI that runs these shell wrappers, you get a lot of opening and closing of SSH sessions very quickly.


> So it's purely for performance?

It's not just for performance - it "reuses authentication" by not needing it. The authentication is an encapsulation, within which multiple channels get used. Usually, it's just the main "shell" channel; but occasionally it's also forwarding (-L / -R / -D), sftp; what ControlMaster does is let you open more "shell" channels when you run the "ssh" command again, instead of establishing a whole new connection.

> The other neat-looking directive that I've never tried is `ProxyUseFdpass`,

It's so you can use whatever weird communication hardware/protocol you like (serial? non-TCP satellite modem?), and all you have to do to get all of ssh's wonderful features over it is provide a file descriptor that works well enough (serial port; pipe you create; etc.).


Also for tab completion of directories to rsync on the remote. Otherwise you’d have to type your password on every <tab>. You can use ssh keys and agents to achieve the same, but it’s much slower, and harder to set up IMO.


It's not even establishing the connection: it just goes through the existing ControlMaster. This gets me about ~0.5 sec for a fresh connection, and just-about-instant response for a multiplexed one.



