How to purge connections left open by SSH ProxyCommand?

Question

I have a webserver WWW1 and a front-facing proxy PRX. I use SSH ProxyCommand to connect to WWW1's internal IP (private IP) via PRX (private+public IP). For some connections (not all) I see a network connection left open after I'm finished. These add up!

~/.ssh/config

Host *
  ServerAliveInterval 5
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p

Host WWW1 WWW2 WWW3
  User foo
  ProxyCommand ssh -q -a -x PRX nc %h 22
  IdentityFile ~/.ssh/id_foo_WWWx

On PRX, lsof | grep WWW1:ssh shows 124 open connections at the moment. On WWW1, the same command shows 243 open connections. There are similar open connections for WWW2, WWW3 etc.

WWW1 and PRX are Debian. Client connections are coming from a mix of Debian, Ubuntu and OSX10.6. I use Emacs Tramp but this has no special configuration (AFAIK) outside of my ~/.ssh/config.

I'm concerned about running out of internal ports, and ideally I want these connections to clean themselves up without intervention. Ideally by configuring them to kill themselves off; failing that a command I can kill old processes with is fine!

Answer 1

A better way would be to use the -W option of SSH, so you could put

 ProxyCommand ssh -q -a -x PRX -W %h:22

instead of

 ProxyCommand ssh -q -a -x PRX nc %h 22

This way you get rid of dependence on nc too.