8

Possible Duplicate:
ssh-agent key timeout with screen or tmux on bastion host

I have a laptop on which I have pageant (the PuTTY SSH key agent) running. If I ssh to a system and launch screen, the ssh key forwarding works properly.

However, if I disconnect from that screen session, log off, then later reconnect -- the key forwarding doesn't work any more. I am presuming that this is because when I reconnect the key forwarding is set up on different ports for the new ssh session than was the old one.

Is there a way to teach an individual screen window to reconnect to the agent forwarding so that I can use my key to forward again?

0

2 Answers

6

My solution is a bit more robust. Put this in your .bash_profile on the remote side.

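# Define reattach only outside screen (STY unset) and on an interactive terminal.
if [ -z "${STY}" ] && [ -t 0 ]; then
    reattach () {
        if [ -n "${SSH_AUTH_SOCK}" ]; then
            # Repoint the stable symlink at this login's forwarded agent socket.
            ln -snf "${SSH_AUTH_SOCK}" "${HOME}/.ssh/agent-screen"
            # Sessions started from here inherit the stable path, not the per-login one.
            export SSH_AUTH_SOCK="${HOME}/.ssh/agent-screen"
        fi
        exec screen -A -D -RR ${1:+"$@"}
    }
fi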

Then I use reattach instead of screen. This could be done using command screen -A ${1:+"$@"} and 'screen' instead of 'reattach'.

The problem with using the 'alias' solution in the answer by @David Mackintosh is that the processes running in screen now have the same SSH_AUTH_SOCK value on the remote side. Think of the following scenario.

  • local: start SSH agent getting SSH_AUTH_SOCK value
  • local: SSH to remote, setting new SSH_AUTH_SOCK value on remote
  • remote: start screen or tmux, using SSH_AUTH_SOCK
  • remote: create shell, which inherits SSH_AUTH_SOCK from screen
  • remote: detach from screen and log out
  • local: SSH to remote, setting new SSH_AUTH_SOCK value on remote
  • remote: reattach to screen session, which still has old SSH_AUTH_SOCK value

The trick is to get the processes running inside screen to use the new value. You can do that by repointing a symlink to the current SSH_AUTH_SOCK each time you call screen (for new or reattached session).

1
  • A cleaner adaptation of this solution: superuser.com/a/1790651/161249 that sets the symlink in ~/.ssh/rc and the SSH_AUTH_SOCK env in ~/.tmux.conf
    – Kache
    Commented Jun 22, 2023 at 17:52
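
The symlink refresh from the first answer, written so that it checks what it is about to link: an added example, not code from either answer. The function names `refresh_agent_link` and `agent_link_live` and the return codes are hypothetical; the link path is the one the answer uses.

```shell
# Added example (not from the answers): validate before repointing the symlink.
# refresh_agent_link and its return codes are hypothetical names for illustration.
# Usage: refresh_agent_link [socket_path] [link_path]
# The ( ... ) body runs in a subshell, so sock/link do not leak into the login shell.
refresh_agent_link() (
    sock="${1:-$SSH_AUTH_SOCK}"
    link="${2:-$HOME/.ssh/agent-screen}"

    # 1: this login has no forwarded agent; keep whatever the link points at.
    [ -n "$sock" ] || return 1
    # 2: the variable already holds the stable path (shell started inside
    #    screen); linking would make the symlink point at itself.
    [ "$sock" != "$link" ] || return 2
    # 3: accept only a UNIX socket owned by the invoking user.
    { [ -S "$sock" ] && [ -O "$sock" ]; } || return 3

    # Same repointing step as the answer: replace the link, never follow it.
    ln -snf "$sock" "$link" || return 4
)

# Inside screen: succeeds only if the link resolves to a socket that still exists.
# A dangling link means the login that forwarded the agent has ended.
agent_link_live() {
    [ -S "${1:-$HOME/.ssh/agent-screen}" ]
}
```

Call `refresh_agent_link` from `.bash_profile` before starting or reattaching screen, and export `SSH_AUTH_SOCK` as the link path only when it returns 0.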
2

This is actually a duplicate of: ssh-agent key timeout with screen or tmux on bastion host

The solution:

  • add to your .bash_profile:

    echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > ~/.ssh/auth_sock

  • add to your .bashrc:

    alias ssh="source ~/.ssh/auth_sock ; ssh"

This seems to work so far for me.

1
  • I wrote the answer for the question you linked to. Good to hear it works for you; I hadn't tested it, and I wasn't sure it was complete enough! :)
    – chepner
    Commented Jun 19, 2012 at 18:32
