Question

I am trying to build (or find if it exists) something that will let me take my dotfiles to servers that I visit like ssh-agent does for my keys.

I spend a lot of time working with EC2 for work and when I spin up a new instance I dislike not having my dotfiles with me (.vimrc, .gitconfig and my aliases mostly).

I keep all my dotfiles under git and they are publicly available, but this isn't enough of a solution for a few reasons:

  1. I ssh to production hosts on which I cannot install git and cannot easily access the internet.
  2. I do not control the AMIs we run from, so I can't bake my dotfiles in, and also I usually share the ubuntu or root user and rarely have a dedicated username on a host (so I cannot just clone and leave my dotfiles there).

For now I am happy to build this to work with only one level of ssh, that is A -> B -> C (it's OK if only B has access to the dotfiles and C loses them).

I am thinking of something like:

    ssh -t -R 1234:localhost:1234 user@server 'export USE_DOTFILES_AGENT=1 ; exec $SHELL'

with something serving the dotfiles on 1234 on my localhost, so my question is:

What is the best way to make the programs on the remote side read their dotfiles from a socket (happy to put anything that's necessary on the other side)?

EDIT: While apmasell's answer is helpful I was not thinking of such a high tech solution. Possibly something more along the lines of wget from that port into /tmp/_vimrc then getting vim to load that somehow (by running alias vim=vim <flag for where to find vimrc>).


Solution

SSH does nothing special when it comes to any files. The SSH Agent is able to work from that dot file because the ssh binary knows to attempt to open a connection to the agent via the named pipe set in $SSH_AUTH_SOCK and because the SSH client and server can agree to proxy that request.

Other programs that don't have any logic built in to do this, simply put, can't. There isn't a way for them to know that they should not do a standard open on the file.

If you really, really wanted to, you could create an $LD_PRELOAD'ed library that overrides open to check if the file is available and attempt to simulate access to the file, much the way that ALSA can pretend to provide OSS support to programs that aren't aware of ALSA by trapping their attempt to open /dev/dsp and then translating the requests to the ALSA audio layer.

Writing such a piece of code is extremely tricky, as it will require correctly simulating the behaviour of the local system. For instance, what do you do when a program writes? What do you do if the connection goes away? What happens when you fork off a daemon? Depending on the design, there may be a lot of latency.
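Since programs can only do a normal open on a file, the lower-tech route from the question's EDIT is to stage the dotfile as a regular file and point vim at it. The sketch below is an added example, not code from the question or the answer: it replaces the fixed /tmp/_vimrc with a private mktemp directory and refuses content whose SHA-256 does not match, because on a shared ubuntu/root account any local user can reach localhost:1234 and a vimrc is executed by vim. The function names, the `VIMRC_SHA256` variable (exported in the ssh command next to `USE_DOTFILES_AGENT`) and an HTTP server answering `/vimrc` on the forwarded port are assumptions.

```bash
#!/usr/bin/env bash
# Added example: stage a dotfile fetched over the forwarded port safely.
# Assumes GNU coreutils (mktemp, sha256sum) on the remote host.

# Call once in the current shell. mktemp -d creates an unpredictable
# directory with mode 0700, so other users cannot pre-create or symlink it.
dotfiles_init() {
    DOTFILES_DIR=$(mktemp -d "${TMPDIR:-/tmp}/dotfiles.XXXXXXXX") || return 1
    export DOTFILES_DIR
}

# usage: <fetch command> | stage_dotfile NAME EXPECTED_SHA256
# Reads the file from stdin, verifies it, and only then makes it visible.
stage_dotfile() {
    local name want tmp got
    name=$1
    want=$2
    # Plain file names only: no empty name, no path components, no leading dot.
    case $name in
        ''|*/*|.*) echo "bad name: $name" >&2; return 2 ;;
    esac
    [ -d "${DOTFILES_DIR:-}" ] || { echo "run dotfiles_init first" >&2; return 2; }
    tmp=$(mktemp "$DOTFILES_DIR/.incoming.XXXXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    got=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "hash mismatch for $name, discarding" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$DOTFILES_DIR/$name"
}

# -u is vim's flag for an alternate vimrc; "command" skips this wrapper.
vim() { command vim -u "$DOTFILES_DIR/vimrc" "$@"; }

# On the remote host, inside the session started by the ssh -R command:
#   dotfiles_init
#   wget -qO- http://localhost:1234/vimrc | stage_dotfile vimrc "$VIMRC_SHA256"
```

If the reverse forward could not be set up because something else already holds port 1234 on the remote host, the hash check is what keeps that other listener's content out of vim.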

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow