Thursday, February 16, 2012

Sharing ssh-agents across logins...

This is just cool.

I have this sort of weird setup.  In my day-to-day work, I need to use Windows because some tools are only available for Windows, but also because my company's products are remote connectivity products and typically have Windows clients.  So I have a Windows box with 2 20" monitors and my keyboard and mouse and all that good stuff hooked up there.

But I do most of my work in Linux.  Not only am I typically working on remote machines, either hosted at our corporate headquarters thousands of miles away, or at a datacenter somewhere, I also have my laptop here running Linux.  But to exercise our connectivity products, I usually don't work on the laptop's console.  For those cases where I do need to work on the laptop's console, I use Synergy to remotely "control" the laptop's console.  This way, I can pretend I have a 3-monitor setup, one of which just happens to be Linux.

I've had this setup for years and it's mostly worked pretty well, with one exception.  I'm forever having to start new ssh-agents and ssh-add my private keys to them.  The console is typically semi-decent: depending on how it's configured, it generally has an agent autostarted, and often it will ask me to unlock the key and I'll be good to go.  But all of my remote sessions start bare.

So I stumbled across a posting on SuperUser dealing with exactly this issue.  The (not top but IMHO best) answer seems to be a few simple lines added to your .bashrc:

check-ssh-agent() {
    # True if $SSH_AUTH_SOCK is a socket and an agent answers on it.
    # ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys) or 2 (no agent).
    [ -S "$SSH_AUTH_SOCK" ] && { ssh-add -l >/dev/null 2>&1 || [ $? -ne 2 ]; }
}
mkdir -p -m 700 ~/.tmp           # the socket directory must be private to you
check-ssh-agent || export SSH_AUTH_SOCK=~/.tmp/ssh-agent.sock
check-ssh-agent || {
    rm -f ~/.tmp/ssh-agent.sock  # a stale socket makes ssh-agent -a fail to bind
    eval "$(ssh-agent -s -a ~/.tmp/ssh-agent.sock)" > /dev/null
}

This will start a new agent if one doesn't exist (or if the socket file is left over from an agent that has since died), otherwise it will "piggy-back" onto the existing one via the fixed socket path: every new login points SSH_AUTH_SOCK at the same socket, so keys you ssh-add once stay available in all sessions.  The flip side is that the agent now outlives any single login, so unlocked keys stay in memory until you kill it or reboot; if that bothers you, add them with a lifetime (ssh-add -t 8h) and keep ~/.tmp at mode 700 so the socket is reachable only by you and root.  Very slick, IMHO, although it doesn't interact with the keyring stuff being done on the console.  (But again, since most of my work is done via remote sessions, that's fine with me.)
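The whole trick hangs on the three exit codes of `ssh-add -l`, so it is worth seeing what that check actually does on the wire.  The following is an added example, not code from the original post or the SuperUser answer: it speaks the ssh-agent protocol directly (a 4-byte length prefix, then the message type; SSH_AGENTC_REQUEST_IDENTITIES is type 11 and is answered with SSH_AGENT_IDENTITIES_ANSWER, type 12, carrying a key count) and maps the result onto the same 0/1/2 states.  It also adds an owner check on the socket that `ssh-add` itself does not do, and the fake agent, the socket path and the key blobs are all constructed here for the demo.

```python
"""Probe an ssh-agent socket the way the .bashrc check-ssh-agent does.

Added example, not from the original post.  Speaks the ssh-agent protocol
directly instead of shelling out to ssh-add -l, and includes a constructed
stand-in agent so the four states the shell logic must tell apart can be
exercised offline.
"""
import contextlib
import os
import socket
import stat
import struct
import tempfile
import threading

SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

# Same meaning as the exit codes of `ssh-add -l` that the .bashrc keys on.
AGENT_HAS_KEYS = 0   # agent reachable and holds at least one identity
AGENT_EMPTY = 1      # agent reachable, nothing loaded yet
NO_AGENT = 2         # no socket, stale socket, or nothing answering


def _recv_exact(sock, n):
    """Read exactly n bytes; agent messages are length-prefixed."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection early")
        buf += chunk
    return buf


def agent_status(sock_path):
    """Probe sock_path like `ssh-add -l`; return (status, key_count)."""
    if not sock_path:
        return NO_AGENT, 0
    try:
        st = os.lstat(sock_path)
    except OSError:
        return NO_AGENT, 0
    # A plain file or symlink at the path is not an agent, and a socket owned
    # by someone else is not one we should hand our signing requests to
    # (this owner check is an addition; ssh-add does not make it).
    if not stat.S_ISSOCK(st.st_mode) or st.st_uid != os.getuid():
        return NO_AGENT, 0
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(2.0)
            s.connect(sock_path)
            req = bytes([SSH_AGENTC_REQUEST_IDENTITIES])
            s.sendall(struct.pack(">I", len(req)) + req)
            (length,) = struct.unpack(">I", _recv_exact(s, 4))
            body = _recv_exact(s, length)
    except OSError:  # ECONNREFUSED from a stale socket lands here
        return NO_AGENT, 0
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return NO_AGENT, 0
    (count,) = struct.unpack(">I", body[1:5])
    return (AGENT_HAS_KEYS if count else AGENT_EMPTY), count


@contextlib.contextmanager
def fake_agent(sock_path, key_count):
    """Constructed stand-in for ssh-agent: answers one identities request."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            (n,) = struct.unpack(">I", _recv_exact(conn, 4))
            _recv_exact(conn, n)  # consume the request; only one kind is answered
            body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", key_count)
            for i in range(key_count):  # each identity: string blob, string comment
                for field in (b"fake-key-blob-%d" % i, b"user@example"):
                    body += struct.pack(">I", len(field)) + field
            conn.sendall(struct.pack(">I", len(body)) + body)

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    try:
        yield
    finally:
        srv.close()
        t.join(timeout=2)
        os.unlink(sock_path)


def demo():
    """Walk the states the .bashrc logic must distinguish; return their codes."""
    results = []
    with tempfile.TemporaryDirectory() as d:  # mkdtemp creates it mode 0700
        path = os.path.join(d, "ssh-agent.sock")
        results.append(agent_status(path)[0])       # nothing there yet
        with fake_agent(path, 0):
            results.append(agent_status(path)[0])   # agent up, no keys
        with fake_agent(path, 2):
            results.append(agent_status(path)[0])   # agent up, two keys
        stale = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        stale.bind(path)
        stale.close()  # the socket file survives, nobody listens: stale
        results.append(agent_status(path)[0])
    return results


if __name__ == "__main__":
    print(demo())  # [2, 1, 0, 2]
```

The last case is the one the original snippet does not handle: a socket file whose agent is gone yields status 2 just like a missing file, and `ssh-agent -a` will refuse to bind over it, so the stale path has to be removed before a new agent is started.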