How can I get ssh-agent working over ssh and in tmux (on OS X)?
Solution 1
My colleague created some bash functions to assist with finding a live agent: https://github.com/wwalker/ssh-find-agent
He uses it mainly for connecting between systems (laptop to desktop, etc), but I use it most often for local tmux sessions where you logout/in from your window manager (OS X for myself).
Usage
Download ssh-find-agent.bash (
git clone git://github.com/wwalker/ssh-find-agent.git
works).-
Add the following to ~/.bashrc:
. /path/to/ssh-find-agent.bash
-
Then you can type the following to set SSH_AUTH_SOCK in your current shell:
set_ssh_agent_socket
Solution 2
An elegant solution, picked up from dagit.o:
Create ~/.ssh/rc
#!/bin/bash
if [ -S "$SSH_AUTH_SOCK" ]; then
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
Add to ~/.tmux.conf
set -g update-environment "DISPLAY SSH_ASKPASS SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY"
set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock
Solution 3
In your .tmux.conf
configuration file, add this line:
set -g update-environment "SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION"
This causes these environment variables to be copied from your main shell to any shells opened within tmux, which then allows ssh-agent to work properly within those tmux shells.
Solution 4
It happened to me that panes created when connecting via ssh from OS X started asking my passphrase after a while of working ok. I found a way to fix that stealing this line from http://santini.di.unimi.it/extras/ph/my-tmux-setup.html
eval $(tmux show-environment -t [YOUR-SESSION] | grep '^SSH_AUTH_SOCK')
Just run it from the pane that's complaining.
Solution 5
Not sure if you are using bash or another shell, but this guy's tmux setup looks like it would work for bash. Personally, I am using zsh with oh-my-zsh, and I found that ssh-agent started working in tmux after I added
zstyle :omz:plugins:ssh-agent agent-forwarding on
to my .zshrc file and reloaded the config in my running zsh sessions. I also found this guy's zsh-oriented solution, but it turned out to be unnecessary for me.
Related videos on Youtube
Rich
Updated on September 17, 2022Comments
-
Rich over 1 year
I have a private key set up for my github account, the passphrase to which is, I believe, stored in OS X's keychain. I certainly don't have to type it in when I open a terminal window and enter
ssh [email protected]
.However, when I'm running bash over an ssh session, or locally inside a tmux session, I have to type in the passphrase every single time I attempt to ssh to github.
This question suggests that a similar problem exists with screen, but I don't really understand the issue well enough to fix it in tmux. There's also this page which includes a fairly complicated solution, but for zsh.
EDIT:
In response to @Mikel's answer, from a local terminal I get the following output:
[~] $ echo $SSH_AUTH_SOCK /tmp/launch-S4HBD6/Listeners [~] $ ssh-add -l 2048 [my key fingerprint] /Users/richie/.ssh/id_rsa (RSA) [~] $ typeset -p SSH_AUTH_SOCK declare -x SSH_AUTH_SOCK="/tmp/launch-S4HBD6/Listeners"
Whereas over ssh or in tmux I get:
[~] $ echo $SSH_AUTH_SOCK [~] $ ssh-add -l Could not open a connection to your authentication agent. [~] $ typeset -p SSH_AUTH_SOCK bash: typeset: SSH_AUTH_SOCK: not found
echo $SSH_AGENT_PID
returns nothing whatever shell I run it from.-
Nethan over 13 yearsWhat about
typeset -p SSH_AUTH_SOCK
? -
Rich over 13 years@Mikel
bash: typeset: SSH_AUTH_SOCK: not found
from within ssh/tmux. I'll try it locally tonight, if necessary. -
Rich over 13 years@Mikel I've added that command's output to the question.
-
Blaisorblade over 10 yearsAFAIK, question and answers are not OS X-specific. That's relevant to avoid some non-OS X-specific dups, namely superuser.com/q/334975/46794 and superuser.com/q/479796/46794.
-
Rich over 10 years@Blaisorblade I was under the impression my passphrase was stored in the OS X keychain (Although I can't remember now why I believed that to be the case). Is that incorrect?
-
-
Rich over 13 yearsI added the response to these commands to the question. I've also realised that the problem also occurs when I login over ssh (without using tmux), and have edited the question accordingly.
-
Nethan over 13 years
ssh
is easy. Turn agent forwarding on. Easiest way to do that is runssh -A
instead ofssh
. Use an alias so you don't have to type it every time, or put it in your.SSH/config
. -
Rich over 13 yearsCool, thanks. That worked for ssh. Any ideas how to fix it in tmux?
-
Chris Johnsen about 12 yearsThis is the appropriate method for getting those values into a tmux session, but all of those environment variables should already be included in the default value of
update-environment
. The OP should check theirupdate-environment
value and possibly update wherever it is already being changed. -
Trevor Powell about 12 yearsHm.. after digging further, I agree -- the settings I listed are already in the defaults, and if I run tmux without a .tmux.conf file, everything works properly. And if I remove the line I quoted from my .tmux.conf file, that is working for me as well, although it didn't before. There's clearly something else going wrong occasionally. Maybe to do with suspend/restore or attach/detach or sshing into a tmux session remotely. I'll keep my eyes open and update if I find the factor which makes it reproducible.
-
Rich about 12 years
update-environment
is set correctly. However, the problem still occurs. -
Tobias Kienzler over 10 yearsThe problem with this is that config will only be re-executed when no
tmux
server is present, defying the purpose of re-attaching... Maybe there is a command line switch to re-update those variables? -
Rich over 10 yearsI accepted this answer rather than any of the others that might work because it doesn't required SSH agent forwarding, which is better for my purposes. Thanks!
-
Arthur Sult about 3 yearsfanatastic! Thanks!