Projects

Just for fun

Home About PubKey

SSH Key Forwarding meets Screen

I'm using both SSH key forwarding and screen a lot. Since I discovered Nitrokey, the OpenPGP card and Yubikey, all my SSH keys are on those tokens. It works perfectly: You authenticated using the token in the laptop and use that key over a whole chain of machines and in some cases and the third or fourth machine in a row to pull and push to git.

I'm also using screen a lot. I set up a bunch of related sessions, sometimes on different machine in one screen session, detach from it, use it again the next day and so on. Also works fine. Longwinding login processes, especially when bastion hosts and jump hosts are involved can be avoided. However, at least out of the box, SSH key forwarding does not work in this setup. Suddenly ssh asks for passwords. Ugh!

Google was my friend and I found this page: https://gist.github.com/martijnvermaat/8070533. Martijn explains an easy solution to address this problem. Not to forget it again I will summarize it here.

  1. Create a file ~/.screenrc and put
    
    setenv SSH_AUTH_SOCK $HOME/.ssh/SSH_AUTH_SOCK
    
    into it. If you are using bash, don't be tempted to write export instead of setenv, it won't work.
  2. Create a file ~/.ssh/rc and put
    
    if test "$SSH_AUTH_SOCK" ; then
        ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
    fi
    
    into it.
  3. Restart the screen session, done. Works perfectly for me.