Question

I ssh into a shared host (WebFaction) and then use ssh-agent to establish a connection to a mercurial repository (BitBucket). I call the agent like so:

eval `ssh-agent`

This then spews out the pid of the agent and sets its relevant environment variables. I then use ssh-add as follows to add my identity (after typing my passphrase):

ssh-add /path/to/a/key

My ssh connection eventually times out and I'm disconnected from the server. When I log back in, I can no longer connect to the Hg server and so I do this:

ps aux | grep 1234.*ssh-agent
kill -SIGHUP 43210

And then repeat the two commands at the top of the post (ie. invoke the agent using eval and call ssh-add).

I'm sure that there's a well established idiom for avoiding this process and maintaining a "reference" to the agent that was spawned initially. I've tried redirecting I/O of the first command to a file (in the hope of sourcing it in my .bashrc), but I only get the agent's pid.

How can I avoid having to go through this process each time I ssh into the host?

My *NIX skills are weak, so constructive criticism on any aspect of the post is welcome, not just my use of ssh-agent.

Solution

Short answer:

With ssh-agent running locally and identities added, ssh -A user@host.webfaction.com provides the secure shell on the remote host with the local agent's identities.

Long answer:

As Charles suggested, agent forwarding is the solution.

At first, I thought that I could just issue an ssh user@host.webfaction.com and then, from within the secure session on the remote host, connect to the BitBucket repository using hg+ssh. But that failed, and so I investigated the ForwardAgent and AgentForwardingEnabled flags.

Thinking that I'd have to settle for a workaround in .bashrc that involved keeping my private key on the remote host, I went looking for a shell-script solution but was spared from this kludge by this answer in SuperUser, which is perfect and works without any client configuration (I'm not sure how the sshd server is configured on WebFaction).

Aside: in my question, I posted the following:

ps aux | grep 1234.*ssh-agent
kill -SIGHUP 43210

but this is actually inefficient and requires the user to know his/her uid (available via /etc/passwd). pgrep is much easier:

pgrep -u username process-name
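The two halves of the accepted approach, as an added example that is not part of the original question or answer: the local side forwards the already-running agent with ssh -A (or ForwardAgent yes in a per-host stanza of ~/.ssh/config), and the remote side checks whether a usable agent actually reached the session before trying hg+ssh, instead of spawning a fresh agent on every login. The function names agent_state and kill_stale_agents, and the return-code convention, are this example's own; host.webfaction.com and the user name are the placeholders the answer uses. One caveat a practitioner on a shared host should weigh: while the forwarded session is open, anyone who can reach the remote socket (root on WebFaction included) can ask your local agent to sign with your keys, so load keys with ssh-add -c to require per-use confirmation and enable forwarding only for that host rather than globally.

```shell
#!/bin/sh
# Added example (not code from the original post). Assumes the placeholders
# host.webfaction.com / user from the answer and a POSIX sh on the remote host.

# --- Local machine ---------------------------------------------------------
# Forward the local agent for this one connection (ForwardAgent yes under a
# "Host host.webfaction.com" stanza in ~/.ssh/config is the persistent form):
#   ssh -A user@host.webfaction.com

# --- Remote host -----------------------------------------------------------
# Classify the agent visible through a given socket path.
# Return codes (this example's own convention):
#   0 = agent reachable and holding identities
#   1 = no socket path in the environment (nothing was forwarded)
#   2 = socket path set but no live agent behind it
#   3 = agent reachable but empty (forgot ssh-add locally)
agent_state() {
    sock=$1
    [ -n "$sock" ] || return 1
    [ -S "$sock" ] || return 2
    # ssh-add -l exits 0 with identities, 1 with none, 2 if the agent is
    # unreachable; any other code (e.g. 127, ssh-add missing) is treated as 2.
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1
    rc=$?
    case $rc in
        0) return 0 ;;
        1) return 3 ;;
        *) return 2 ;;
    esac
}

# Remove agents left behind by the old eval `ssh-agent`-on-every-login habit,
# using pgrep as the answer recommends instead of ps | grep with a uid.
# Skips the agent the current session is using, if any.
kill_stale_agents() {
    pgrep -u "$(id -un)" -x ssh-agent | while read -r pid; do
        [ "$pid" = "${SSH_AGENT_PID:-}" ] && continue
        kill "$pid"
    done
}

# Example login-time check (call from .bashrc on the remote host):
#   agent_state "${SSH_AUTH_SOCK:-}"
#   case $? in
#       0) ;;                                   # hg push/pull over ssh will work
#       1) echo "no agent forwarded: reconnect with ssh -A" ;;
#       2) echo "SSH_AUTH_SOCK is stale: reconnect" ;;
#       3) echo "agent is empty: run ssh-add on the local machine" ;;
#   esac
```

The remote check never touches a private key, which is the point of the answer: the key stays on the local machine and only signatures cross the forwarded socket.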
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow