The Shœstring Foundation Weblog
   


The Shœstring Foundation Weblog, Miscellaneous Byproducts

Matthias Bauer
bauerm (at) shoestringfoundation · org

       
Mon, 16 May 2016

SSH sessions inside remote screens, updating SSH_AUTH_SOCK on reattaching


I have screen(1) running continuously on servers. On some of them, the screen contains ssh sessions to further machines. Because i trust these servers less than my laptop, i don't store secret keys there. Instead i use agent forwarding on the connection to the server and ssh-add -c $relevant_key on the laptop, so i must confirm each use of the key through the forwarding.

On disconnecting/reconnecting to the server in question, the SSH_AUTH_SOCK variable changes, but remains unchanged inside the long-running screen. ssh from inside screen will prompt for passwords, because the ssh-agent does not respond on the old path. i found no clean solution to propagate the change to the screen windows after re-attaching them.

So i put this in my .profile on the server:

# Only when an agent socket was forwarded and it is not already the stable
# path (inside screen the variable is the link itself; never link it to itself).
if [ -n "$SSH_AUTH_SOCK" ] && [ "$SSH_AUTH_SOCK" != "/tmp/ssh-agent-$USER-screen" ]; then
        ln -sf "$SSH_AUTH_SOCK" "/tmp/ssh-agent-$USER-screen"
fi

and this line into the .screenrc on the server:

setenv SSH_AUTH_SOCK "/tmp/ssh-agent-$USER-screen"

So all screen windows always have SSH_AUTH_SOCK set to the same path, and when i connect to the server, the shell soft-links that path to the actual socket, which is forwarded through ssh to the ssh-agent on my laptop.
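
A hardened variant of the .profile snippet above, added here as an example and not the author's code: /tmp is world-writable, so another local user can create the predictable name first; this version keeps the stable link in a directory only the user can write, links only to a socket the user owns, and swaps the link with a rename. The function name refresh_agent_link and the path ~/.ssh/agent-screen.sock are assumptions, and the .screenrc setenv line has to name the same path.

```shell
# Added example; refresh_agent_link and the default link path are assumptions.
# Matching .screenrc line: setenv SSH_AUTH_SOCK "$HOME/.ssh/agent-screen.sock"
refresh_agent_link() (
    link=${1:-"$HOME/.ssh/agent-screen.sock"}   # stable path the screen windows use
    sock=${SSH_AUTH_SOCK:-}

    # No forwarded agent on this login: keep whatever link exists.
    [ -n "$sock" ] || return 0
    # Shell started inside screen: the variable already is the link, so
    # re-linking would make the link point at itself.
    [ "$sock" != "$link" ] || return 0

    # Accept only a real socket owned by this user.
    { [ -S "$sock" ] && [ -O "$sock" ]; } || return 1

    # Keep the link in a directory nobody else can write to.
    dir=$(dirname "$link")
    { mkdir -p "$dir" && chmod 700 "$dir"; } || return 1

    # Create the new link under a temporary name and rename it over the old
    # one, so the stable path never disappears between unlink and symlink.
    tmp="$link.$$"
    ln -sf "$sock" "$tmp" && mv -f "$tmp" "$link"
)

# In .profile on the server:
refresh_agent_link || echo "agent link not refreshed" >&2
```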
