How can I get ssh-agent working over ssh and in tmux (on OS X)?

macos ssh tmux ssh-agent

14,535

Solution 1

My colleague created some bash functions to assist with finding a live agent: https://github.com/wwalker/ssh-find-agent

He uses it mainly for connecting between systems (laptop to desktop, etc), but I use it most often for local tmux sessions where you logout/in from your window manager (OS X for myself).

Usage

Download ssh-find-agent.bash (git clone git://github.com/wwalker/ssh-find-agent.git works).
Add the following to ~/.bashrc:
```
. /path/to/ssh-find-agent.bash
```
Then you can type the following to set SSH_AUTH_SOCK in your current shell:
```
set_ssh_agent_socket
```

Solution 2

An elegant solution, picked up from dagit.o:

Create ~/.ssh/rc

#!/bin/bash
if [ -S "$SSH_AUTH_SOCK" ]; then
    ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi

Add to ~/.tmux.conf

set -g update-environment "DISPLAY SSH_ASKPASS SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY"
set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock

Solution 3

In your .tmux.conf configuration file, add this line:

set -g update-environment "SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION"

This causes these environment variables to be copied from your main shell to any shells opened within tmux, which then allows ssh-agent to work properly within those tmux shells.

Solution 4

It happened to me that panes created when connecting via ssh from OS X started asking my passphrase after a while of working ok. I found a way to fix that stealing this line from http://santini.di.unimi.it/extras/ph/my-tmux-setup.html

eval $(tmux show-environment -t [YOUR-SESSION] | grep '^SSH_AUTH_SOCK')

Just run it from the pane that's complaining.

Solution 5

Not sure if you are using bash or another shell, but this guy's tmux setup looks like it would work for bash. Personally, I am using zsh with oh-my-zsh, and I found that ssh-agent started working in tmux after I added

zstyle :omz:plugins:ssh-agent agent-forwarding on

to my .zshrc file and reloaded the config in my running zsh sessions. I also found this guy's zsh-oriented solution, but it turned out to be unnecessary for me.

View more solutions

14,535

Rich

Updated on September 17, 2022

Comments

Rich over 1 year
I have a private key set up for my github account, the passphrase to which is, I believe, stored in OS X's keychain. I certainly don't have to type it in when I open a terminal window and enter ssh [email protected].

However, when I'm running bash over an ssh session, or locally inside a tmux session, I have to type in the passphrase every single time I attempt to ssh to github.

This question suggests that a similar problem exists with screen, but I don't really understand the issue well enough to fix it in tmux. There's also this page which includes a fairly complicated solution, but for zsh.

EDIT:

In response to @Mikel's answer, from a local terminal I get the following output:
```
[~]
$ echo $SSH_AUTH_SOCK
/tmp/launch-S4HBD6/Listeners
[~] 
$ ssh-add -l
2048 [my key fingerprint] /Users/richie/.ssh/id_rsa (RSA)
[~]
$ typeset -p SSH_AUTH_SOCK
declare -x SSH_AUTH_SOCK="/tmp/launch-S4HBD6/Listeners"
```
Whereas over ssh or in tmux I get:
```
[~]
$ echo $SSH_AUTH_SOCK

[~]
$ ssh-add -l
Could not open a connection to your authentication agent.
[~]
$ typeset -p SSH_AUTH_SOCK
bash: typeset: SSH_AUTH_SOCK: not found
```
echo $SSH_AGENT_PID returns nothing whatever shell I run it from.
- Nethan over 13 years
  
  What about typeset -p SSH_AUTH_SOCK?
- Rich over 13 years
  
  @Mikel bash: typeset: SSH_AUTH_SOCK: not found from within ssh/tmux. I'll try it locally tonight, if necessary.
- Rich over 13 years
  
  @Mikel I've added that command's output to the question.
- Blaisorblade over 10 years
  
  AFAIK, question and answers are not OS X-specific. That's relevant to avoid some non-OS X-specific dups, namely superuser.com/q/334975/46794 and superuser.com/q/479796/46794.
- Rich over 10 years
  
  @Blaisorblade I was under the impression my passphrase was stored in the OS X keychain (Although I can't remember now why I believed that to be the case). Is that incorrect?
Rich over 13 years

I added the response to these commands to the question. I've also realised that the problem also occurs when I login over ssh (without using tmux), and have edited the question accordingly.
Nethan over 13 years

ssh is easy. Turn agent forwarding on. Easiest way to do that is run ssh -A instead of ssh. Use an alias so you don't have to type it every time, or put it in your .SSH/config.
Rich over 13 years

Cool, thanks. That worked for ssh. Any ideas how to fix it in tmux?
Chris Johnsen about 12 years

This is the appropriate method for getting those values into a tmux session, but all of those environment variables should already be included in the default value of update-environment. The OP should check their update-environment value and possibly update wherever it is already being changed.
Trevor Powell about 12 years

Hm.. after digging further, I agree -- the settings I listed are already in the defaults, and if I run tmux without a .tmux.conf file, everything works properly. And if I remove the line I quoted from my .tmux.conf file, that is working for me as well, although it didn't before. There's clearly something else going wrong occasionally. Maybe to do with suspend/restore or attach/detach or sshing into a tmux session remotely. I'll keep my eyes open and update if I find the factor which makes it reproducible.
Rich about 12 years

update-environment is set correctly. However, the problem still occurs.
Tobias Kienzler over 10 years

The problem with this is that config will only be re-executed when no tmux server is present, defying the purpose of re-attaching... Maybe there is a command line switch to re-update those variables?
Rich over 10 years

I accepted this answer rather than any of the others that might work because it doesn't required SSH agent forwarding, which is better for my purposes. Thanks!
Arthur Sult about 3 years

fanatastic! Thanks!