My day to day work environment looks like this:
Windows (company) laptop + Cygwin + SSH with agent forwarding enabled -> Start SCREEN session -> SSH to remote administration host -> SSH to further hosts to carry out various tasks
There are a couple of problems with this setup:
– firstly, the laptop runs Windows – as much as I hate it, I can’t do much about it now,
– and also, if my SCREEN session detaches for any reason I lose my SSH agent, and logging in to further hosts again requires providing credentials “by hand”.
To mitigate these issues I decided to change the process to the following:
Windows (company) laptop + Cygwin + SSH -> SSH to remote administration host -> start SSH agent + add private keys + enable SSH agent forwarding -> Start SCREEN session -> SSH to further hosts to carry out various tasks
Now if my screen detaches I can still get back to it and finish off whatever I was doing, but this alone doesn’t prevent me from losing SSH agent connectivity within the SCREEN session.
The remaining problem comes from the fact that when an ssh-agent is started it creates a socket (keyring) file whose path/name changes every time a new agent is started. The path to the current socket is saved in an environment variable – see the output of:
The problem is that after your session detaches and you log in again, a new agent and socket are created and the value of this variable changes, whereas within the SCREEN session the value stays the same, pointing to a location that no longer exists.
Some people write one-liners to update the variable inside SCREEN to the correct path, but this is not much help if within your SCREEN session you are already logged in to further hosts.
I decided that whenever a new agent is started I will make sure its socket is created under the same fixed path (held in $SSHKEY). To achieve this I added the following lines to my .bash_profile file on the administration host:
ssh-agent -k                        # kill the agent this shell knows about, if any
rm -f "$SSHKEY"                     # the fixed socket path must not exist yet
eval "$(ssh-agent -a "$SSHKEY")"    # start a new agent bound to that path
ssh-add                             # load the default keys into the new agent
The first line tries to kill any agent that is still running (just in case), and the second makes sure the socket file doesn’t exist either (otherwise the next step would fail). The third line starts the new agent bound to that path and gives us its PID. The last line adds the default keys to the agent – if your keys are passphrase protected you will be prompted for each passphrase.
Now upon logging in to the host I get the following messages:
SSH_AGENT_PID not set, cannot kill agent
Agent pid 8147
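The first message above shows a side effect of the unconditional restart: ssh-agent -k only knows the agent whose PID is in SSH_AGENT_PID of the current shell, which a fresh login does not have, so the previous agent keeps running with its keys loaded while its socket is removed from under it. The snippet below is an added example, not the post’s own .bash_profile lines: it keeps the fixed socket path, but probes the agent behind it with ssh-add -l and reuses it when it still answers, starting a new one only when the path is stale. The socket location is an assumed example; any private directory works.

```shell
# Login-time agent setup for the administration host (added example, not the
# post's code). Keeps the socket at one fixed path like the post does, but
# reuses a live agent instead of always starting another one.
# Assumption: the path below is an example; keep it in a directory only you
# can read (~/.ssh is normally mode 0700).
SSHKEY="${SSHKEY:-$HOME/.ssh/agent.sock}"

# socket_is_live PATH: exit 0 if an agent answers on PATH, 1 otherwise.
# ssh-add -l exits 0 when it reaches an agent with keys, 1 when it reaches an
# agent with no keys, and 2 when it cannot connect (i.e. the path is stale).
socket_is_live() {
    [ -S "$1" ] || return 1                       # not even a socket file
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 && return 0
    [ $? -eq 1 ]                                  # agent alive, no keys loaded yet
}

# ensure_agent: make SSH_AUTH_SOCK point at a live agent on $SSHKEY, starting
# one only when needed. Shells inside an existing SCREEN session already hold
# this same path, so they keep working whichever branch is taken.
ensure_agent() {
    if socket_is_live "$SSHKEY"; then
        export SSH_AUTH_SOCK="$SSHKEY"
        echo "Reusing agent on $SSHKEY"
        return 0
    fi
    mkdir -p -m 700 "$(dirname "$SSHKEY")"
    rm -f "$SSHKEY"                               # ssh-agent -a refuses an existing path
    eval "$(ssh-agent -a "$SSHKEY")" || return 1  # prints "Agent pid N", exports the variables
    ssh-add                                       # load default keys; prompts for passphrases
}

# Run automatically for interactive shells, e.g. when sourced from .bash_profile.
case $- in *i*) ensure_agent ;; esac
```

Sourcing this from .bash_profile gives the same result as the original lines on the first login, and on later logins it leaves the existing agent (and any keys already unlocked in it) alone rather than leaving an orphaned agent behind each time.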
Enjoy uninterrupted sessions!