How can I get ssh-agent working over ssh and in tmux (on OS X)?

I have a private key set up for my github account, the passphrase to which is, I believe, stored in OS X's keychain. I certainly don't have to type it in when I open a terminal window and enter ssh git@github.com.

However, when I'm running bash over an ssh session, or locally inside a tmux session, I have to type in the passphrase every single time I attempt to ssh to github.

This question suggests that a similar problem exists with screen, but I don't really understand the issue well enough to fix it in tmux. There's also this page which includes a fairly complicated solution, but for zsh.

EDIT:

In response to @Mikel's answer, from a local terminal I get the following output:

[~]
$ echo $SSH_AUTH_SOCK
/tmp/launch-S4HBD6/Listeners
[~] 
$ ssh-add -l
2048 [my key fingerprint] /Users/richie/.ssh/id_rsa (RSA)
[~]
$ typeset -p SSH_AUTH_SOCK
declare -x SSH_AUTH_SOCK="/tmp/launch-S4HBD6/Listeners"

Whereas over ssh or in tmux I get:

[~]
$ echo $SSH_AUTH_SOCK

[~]
$ ssh-add -l
Could not open a connection to your authentication agent.
[~]
$ typeset -p SSH_AUTH_SOCK
bash: typeset: SSH_AUTH_SOCK: not found

echo $SSH_AGENT_PID returns nothing whatever shell I run it from.

Rich

Posted 2011-01-25T22:25:37.790

Reputation: 2 000

What about typeset -p SSH_AUTH_SOCK? – Mikel – 2011-01-27T11:18:21.243

@Mikel bash: typeset: SSH_AUTH_SOCK: not found from within ssh/tmux. I'll try it locally tonight, if necessary. – Rich – 2011-01-27T12:53:48.440

@Mikel I've added that command's output to the question. – Rich – 2011-01-27T20:33:37.563

AFAIK, question and answers are not OS X-specific. That's relevant to avoid some non-OS X-specific dups, namely http://superuser.com/q/334975/46794 and http://superuser.com/q/479796/46794.

– Blaisorblade – 2013-09-19T08:33:01.800

@Blaisorblade I was under the impression my passphrase was stored in the OS X keychain (Although I can't remember now why I believed that to be the case). Is that incorrect? – Rich – 2013-09-19T08:52:59.337

@Rich: true, but that's orthogonal. Everything applies also to Linux and OS X system where the password is not stored in the keychain, with only one exception. The exception is that usually, you'd have to call ssh-add to type the passphrase and load it into the ssh-agent daemon, and it'd last until reboot, while your setup avoids that (see https://help.github.com/articles/working-with-ssh-key-passphrases for details). I didn't know about that possibility!

– Blaisorblade – 2013-09-21T18:27:38.297

Answers

My colleague created some bash functions to assist with finding a live agent: https://github.com/wwalker/ssh-find-agent

He uses it mainly for connecting between systems (laptop to desktop, etc), but I use it most often for local tmux sessions where you logout/in from your window manager (OS X for myself).

Usage

Download ssh-find-agent.bash (git clone git://github.com/wwalker/ssh-find-agent.git works).
Add the following to ~/.bashrc:
```
. /path/to/ssh-find-agent.bash
```
Then you can type the following to set SSH_AUTH_SOCK in your current shell:
```
set_ssh_agent_socket
```

user104502

Posted 2011-01-25T22:25:37.790

Reputation: 86

I accepted this answer rather than any of the others that might work because it doesn't required SSH agent forwarding, which is better for my purposes. Thanks! – Rich – 2014-02-05T00:00:12.147

An elegant solution, picked up from dagit.o:

Create ~/.ssh/rc

#!/bin/bash
if [ -S "$SSH_AUTH_SOCK" ]; then
    ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi

Add to ~/.tmux.conf

set -g update-environment "DISPLAY SSH_ASKPASS SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY"
set-environment -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock

mislav

Posted 2011-01-25T22:25:37.790

Reputation: 1 670

In your .tmux.conf configuration file, add this line:

set -g update-environment "SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION"

This causes these environment variables to be copied from your main shell to any shells opened within tmux, which then allows ssh-agent to work properly within those tmux shells.

Trevor Powell

Posted 2011-01-25T22:25:37.790

Reputation: 515

2This is the appropriate method for getting those values into a tmux session, but all of those environment variables should already be included in the default value of update-environment. The OP should check their update-environment value and possibly update wherever it is already being changed. – Chris Johnsen – 2012-02-19T05:35:12.943

1Hm.. after digging further, I agree -- the settings I listed are already in the defaults, and if I run tmux without a .tmux.conf file, everything works properly. And if I remove the line I quoted from my .tmux.conf file, that is working for me as well, although it didn't before. There's clearly something else going wrong occasionally. Maybe to do with suspend/restore or attach/detach or sshing into a tmux session remotely. I'll keep my eyes open and update if I find the factor which makes it reproducible. – Trevor Powell – 2012-02-19T06:43:56.380

update-environment is set correctly. However, the problem still occurs. – Rich – 2012-03-23T10:33:54.553

2The problem with this is that config will only be re-executed when no tmux server is present, defying the purpose of re-attaching... Maybe there is a command line switch to re-update those variables? – Tobias Kienzler – 2013-11-06T13:45:13.457

It happened to me that panes created when connecting via ssh from OS X started asking my passphrase after a while of working ok. I found a way to fix that stealing this line from http://santini.di.unimi.it/extras/ph/my-tmux-setup.html

eval $(tmux show-environment -t [YOUR-SESSION] | grep '^SSH_AUTH_SOCK')

Just run it from the pane that's complaining.

user1153623

Posted 2011-01-25T22:25:37.790

Reputation: 31

Not sure if you are using bash or another shell, but this guy's tmux setup looks like it would work for bash. Personally, I am using zsh with oh-my-zsh, and I found that ssh-agent started working in tmux after I added

zstyle :omz:plugins:ssh-agent agent-forwarding on

to my .zshrc file and reloaded the config in my running zsh sessions. I also found this guy's zsh-oriented solution, but it turned out to be unnecessary for me.

cwjohnston

Posted 2011-01-25T22:25:37.790

Reputation: 131

What does:

echo $SSH_AUTH_SOCK
echo $SSH_AGENT_PID
ssh-add -l

print?

Run it in your normal terminal, then run it inside your tmux session. They should print the same thing.

Mikel

Posted 2011-01-25T22:25:37.790

Reputation: 7 890

I added the response to these commands to the question. I've also realised that the problem also occurs when I login over ssh (without using tmux), and have edited the question accordingly. – Rich – 2011-01-27T09:56:24.077

4ssh is easy. Turn agent forwarding on. Easiest way to do that is run ssh -A instead of ssh. Use an alias so you don't have to type it every time, or put it in your .SSH/config. – Mikel – 2011-01-27T22:37:46.567

Cool, thanks. That worked for ssh. Any ideas how to fix it in tmux? – Rich – 2011-02-01T17:38:18.103

There are many solutions, but the simplest one is found in Hans Ginzel's answer, dated 8 January 2016, to a related StackOverflow question dated 27 January 2014. Simply add the following to your shell ~/.profile or similar:

alias ssh='eval $(tmux show-env -s | grep "^SSH_") && ssh'

There is no need to define multi-line functions or create new temporary files. If you don't want to alias ssh, simply change it to fixssh and remove && ssh at the end, and run fixssh whenever you're trying to run ssh from inside a reattached tmux session.

The answer by Hans Ginzel suggests that a 'newer version' of tmux is required to run show-env -s. This works for me in tmux 2.7, and on my reading of the changelog, -s was added on 3 June 2008 just before the release of tmux 0.3. tmux 2.3 (29 September 2016) is in Debian stable.

sjy

Posted 2011-01-25T22:25:37.790

Reputation: 101