Wednesday, May 25, 2016

maintaining SSH_AUTH_SOCK in tmux

Tmux has a neat feature where certain environment variables can be updated during attachment.

SSH_AUTH_SOCK is included by default. When you reconnect from within a new ssh environment, SSH_AUTH_SOCK is updated inside of tmux. Any new windows created in the tmux session will have the updated ssh information.

Already running shells are not updated (how would tmux tell the shell to update?). I've added a zsh alias to my workflow to pull in the updated value from a running shell. It wraps the show-environment tmux command. This is a shell alias because it needs to affect the running shell.

fix_ssh () {
        eval $(tmux show-environment | grep ^SSH_AUTH_SOCK)
}

I don't normally start many interactive ssh session from my remote box, but I do need to talk to my local SSH agent to connect to my private git repos. I hate running an update and seeing Permission denied. Before I added this fix_ssh command, I caught myself opening new tmux windows to run the fetch from and then closing them to return to my active shell -- an expensive and distracting work-around.

% git fetch
Permission denied (publickey).
fatal: Could not read from remote repository.
% fix_ssh
% git fetch
# success!

When I run with screen, I set the SSH_AUTH_SOCK value to a steady value before opening the initial screen session and then manually update the sock on each login. When I remember.

# for screen
MY_SSH_AUTH_SOCK=$HOME/.ssh/auth_sock
rm $MY_SSH_AUTH_SOCK && ln -s $SSH_AUTH_SOCK $MY_SSH_AUTH_SOCK && export SSH_AUTH_SOCK=$MY_SSH_AUTH_SOCK