
How do you get screen to automatically connect to the current ssh-agent when re-attaching to an existing screen?

If you start a screen session while ssh-agent is running (from ssh -A agent forwarding), accessing ssh-agent works fine. However, if you detach from that session, log out, log in again (with ssh-agent forwarding), and re-attach to your screen session, ssh-agent access doesn't work.

Asked by: Guest | Views: 70
Total answers/comments: 4
Guest [Entry]

"ssh -t some.machine screen -R" won't run bash and therefore won't run the .bash_profile script where the symlink is created.

You could try: ssh -t some.machine bash -c "screen -R"

(assuming you are using bash as your shell of course)

Edit: That "answer" is actually a comment on the first answer given above :)
Guest [Entry]

I commonly keep long-term (6+ months) sessions running at my workplace on different servers. So repeatedly reattaching and having a viable ssh forwarding agent has been problematic. This is what I set up on my systems:

    # Only for an interactive login as myusername that is not already inside screen
    if [ -z "${STY}" -a -t 0 -a X${USER} = Xmyusername ]; then
        reattach () {
            if [ -n "${SSH_AUTH_SOCK}" ]; then
                # Point the stable path at this login's forwarded agent socket
                ln -snf "${SSH_AUTH_SOCK}" "${HOME}/.ssh/agent-screen"
                SSH_AUTH_SOCK="${HOME}/.ssh/agent-screen" export SSH_AUTH_SOCK
            fi
            exec screen -A -D -RR ${1:+"$@"} ;
        }

        screen -wipe
        echo 'starting screen... (type Cntl-C to abort)'
        sleep 5 && reattach
    fi

If I just log in to the remote server without starting/reattaching screen, then there will be two "sockets", one in use by screen and another by the new shell. There shouldn't be two "startup" sessions, but a second session could still be started using reattach -S new; in this situation, the agent would be shared with the ~/.ssh/agent-screen value. To get a working forwarding agent back, then I would detach, log back in. The X${USER} = Xmyusername ensures that the code won't be called through sudo on the same server.
Guest [Entry]

I am using a variation of what @apinstein is using for my .bashrc.

    case "$TERM" in
        screen)
            # Inside screen: always use the stable symlink
            export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock
            ;;
        *)
            # Outside screen: repoint the symlink at this login's agent socket
            if [[ -n "$SSH_AUTH_SOCK" ]]; then
                ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
            fi
            ;;
    esac

This works for all the apps running in my screen session. This would work for all new shells in your screen session. For existing shells you need to run export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock on the host shell to make it work.

P.S. Sorry for adding this as an independent answer, whereas it just built upon @apinstein's answer. Had to do this as comments in stackoverflow do not support code blocks.
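
The symlink refresh used in the two answers above, as an added example that is not part of either answer: anything able to reach a forwarded agent socket can ask the agent to sign with your keys, so this version checks the socket and the link directory before relinking, and skips the case where SSH_AUTH_SOCK already is the stable path. The function name refresh_agent_link and its return codes are assumptions made for this illustration; the default link path ~/.ssh/agent-screen is the one from the second answer.

```bash
#!/usr/bin/env bash
# Added example, not from the answers. The default link path
# ~/.ssh/agent-screen comes from the second answer; the function name and
# return codes are made up for this illustration.

refresh_agent_link() {
    local sock="${1:-${SSH_AUTH_SOCK:-}}"
    local link="${2:-$HOME/.ssh/agent-screen}"
    local dir tmp
    dir=$(dirname "$link")
    tmp="$link.$$"

    # 1: no agent was forwarded on this login; keep whatever link exists.
    [ -n "$sock" ] || return 1

    # Shells started inside screen already use the stable path. Relinking
    # there would make the symlink point at itself.
    [ "$sock" != "$link" ] || return 0

    # 2: the target must be a socket owned by us.
    { [ -S "$sock" ] && [ -O "$sock" ]; } || return 2

    # 3: the directory holding the link must be ours and not writable by
    # group or others, or another local account could repoint the link.
    [ -O "$dir" ] || return 3
    [ -z "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 3

    # Build the new link beside the old one and rename it into place, so
    # processes in screen never see a missing path.
    rm -f "$tmp"
    ln -s "$sock" "$tmp" || return 4
    mv -f "$tmp" "$link" || return 4

    SSH_AUTH_SOCK="$link"
    export SSH_AUTH_SOCK
}

# Typical use from a login shell that is not inside screen:
#   [ -z "$STY" ] && refresh_agent_link; exec screen -D -RR
```
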
Guest [Entry]

I tried this simple one-liner as suggested on "Let's make screen and ssh-agent friends" and it works for me.

First time login to target. Needs to be done only once.

ssh -o StrictHostKeyChecking=no -C <userid>@<server>

Launch screen for the first time. Needs to be done only once.

eval `ssh-agent`; /usr/bin/screen -D -R -h 10000
ssh-add

If detached or disconnected, use this command to log in subsequently and connect to the existing screen.

ssh -o StrictHostKeyChecking=no -C -t <userid>@<server> ssh-agent /usr/bin/screen -D -R -h 10000