<!-- { "title": "SSH Key Forwarding meets Screen" } -->
<h1>#title#</h1>
<p>
I'm using both SSH key forwarding and screen a lot. Since I discovered Nitrokey, the OpenPGP card and Yubikey, all my SSH keys are on those tokens.
It works perfectly: You authenticate using the token in the laptop and use that key over a whole chain of machines, in some cases on the third or fourth machine in a row to pull and push to git.
</p>
<p>
I'm also using screen a lot. I set up a bunch of related sessions, sometimes on different machines in one screen session, detach from it, use it again the next day and so on.
Also works fine. Long-winded login processes, especially when bastion hosts and jump hosts are involved, can be avoided.
However, at least out of the box, SSH key forwarding does not work in this setup. Suddenly ssh asks for passwords. Ugh!
</p>
<p>
Google was my friend and I found this page: <a href="https://gist.github.com/martijnvermaat/8070533">https://gist.github.com/martijnvermaat/8070533</a>. Martijn explains an easy solution to address this problem.
So that I don't forget it again, I will summarize it here.
</p>
<p>
<ol>
<li>Create a file <tt>~/.screenrc</tt> and put
<pre><code class="shell">
setenv SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock
</code></pre>
into it. If you are using bash, don't be tempted to write <tt>export</tt> instead of <tt>setenv</tt>; it won't work, because <tt>.screenrc</tt> is read by screen, not by the shell.
</li>
<li>
Create a file <tt>~/.ssh/rc</tt> and put
<pre><code class="shell">
# Point a stable path at the agent socket forwarded for this login
if test "$SSH_AUTH_SOCK" ; then
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
</code></pre>
into it.
</li>
<li>Restart the screen session, done. Works perfectly for me.</li>
</ol>
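<p>
The symlink only helps while it points at the socket of a login that is still connected; shells inside a reattached screen otherwise keep using a path whose agent is gone. The following is an added example, not part of the original post or of Martijn's gist: a more defensive body for <tt>~/.ssh/rc</tt> plus a state check for the link. The function names and the <tt>STABLE_SOCK</tt> variable are made up for this sketch.
</p>

```shell
#!/bin/sh
# Added example (not from the original post): defensive ~/.ssh/rc body.
# STABLE_SOCK is the path set in ~/.screenrc; function names are made up here.
STABLE_SOCK="${STABLE_SOCK:-$HOME/.ssh/ssh_auth_sock}"

# Report what the stable path points at: live | stale | missing | not-a-symlink
stable_sock_state() {
    link=$1
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo not-a-symlink; else echo missing; fi
    elif [ -S "$link" ]; then      # -S follows the symlink to its target
        echo live
    else
        echo stale                 # target vanished or is not a socket
    fi
}

# Repoint the stable path at this login's forwarded agent socket.
# Returns 0 when the link was updated, 1 when the update was skipped.
update_stable_sock() {
    sock=$1
    link=$2
    [ -n "$sock" ] || return 1             # login without agent forwarding
    [ "$sock" != "$link" ] || return 1     # would make the link point at itself
    [ -S "$sock" ] || return 1             # only ever link to a real socket
    ln -sf "$sock" "$link"
}

# sshd runs ~/.ssh/rc at login; never fail the login over the symlink.
update_stable_sock "${SSH_AUTH_SOCK:-}" "$STABLE_SOCK" || true
```

<p>
Inside screen, <tt>stable_sock_state "$SSH_AUTH_SOCK"</tt> printing <tt>stale</tt> means the login that last updated the link has disconnected, and a fresh login with forwarding will repoint it.
</p>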