The ControlMaster mention deserves a full config block since the defaults make it awkward:

    Host *
      ControlMaster auto
      ControlPath ~/.ssh/sockets/%r@%h:%p
      ControlPersist 10m

`mkdir -p ~/.ssh/sockets` first. With this setup, every subsequent ssh/scp/rsync to the same host reuses the existing master connection — no re-auth, near-instant open. ControlPersist keeps the socket alive for 10 minutes after the last session closes, so short gaps don't force a new handshake.

This pairs well with the ~C escape discussed here: adding a port forward mid-session via ~C -L 8080:localhost:8080 doesn't require a new connection or re-authentication when a ControlMaster is already running. Useful for those "I need to tunnel something I didn't anticipate" moments.