Politics and Technology.

Friday, June 22, 2007

SSH Key Agent and Screen

I love screen. I use it whenever I can. I even experimented a bit with ratpoison, that's how much I love screen. One thing that drove me mad, though, was that SSH's key agent (ssh-agent) and screen are not good buddies. The problem is that the shells in old windows still carry the SSH_AUTH_SOCK of the login that started them, and that socket disappears when that login ends. If I detach my screen session, log out, log back in later, and reattach, ssh inside those windows still points at the dead socket. What's the point of screen if I can't log out and log back in while keeping a persistent state of things? With SSH being core to everything I do, I can't go without it. At work, key agents are especially important with our smartcards.

So, I made a hack to allow me to forward my key info through my screen sessions. This hack is, well, a hack, but it works for me.

First things first, edit your .screenrc file to contain a line like this:

setenv SSH_AUTH_SOCK $HOME/tmp/socket

This makes every window screen creates point at a fixed path of our own instead of at whatever socket the login that started screen happened to get. The path never changes, so it survives detach and reattach; the remaining trick is to keep it pointing at the real socket of the current login.

Next, make a script that does something like this:

#!/bin/sh
# Repoint the fixed path screen uses at the agent socket this login was given.
# Do nothing when there is no agent, so no dangling link is left behind.
[ -n "$SSH_AUTH_SOCK" ] || exit 0
/usr/bin/rm -f "$HOME/tmp/socket"
/usr/bin/ln -s "$SSH_AUTH_SOCK" "$HOME/tmp/socket"

This script replaces the link at our fixed path with a symlink to the real agent socket named by SSH_AUTH_SOCK at login time. The link does not loosen anything: the real socket keeps its own permissions (sshd and ssh-agent create it in a directory only you can read), so anyone who could use your keys through the link could already use them through the socket itself, and on a shared box that still means root while you are logged in, exactly as with plain agent forwarding. Just keep ~/tmp private (mode 0700) so nobody else can swap the link for one pointing at a socket of their choosing. I called this script "screen-ssh-agent" and put it in my personal bin directory. Now it needs to run at every login, with a line like this:

~/bin/screen-ssh-agent

Old-timey SAs like myself use tcsh, so I just added that line to my ".login".

Now, after I log in to this box and start screen, running ssh from any window inside it refers to the statically named file "tmp/socket", which links to the real socket that sshd (or a local ssh-agent) creates under a unique name every time I log in.
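Here is a stricter version of screen-ssh-agent, added as an example and not the post's own script (nor anything from screen or OpenSSH). It keeps the link path $HOME/tmp/socket from the .screenrc line above; the function names, return codes and the private-directory check are this example's own additions. The main thing it adds is a guard for the case where the hook runs inside a screen window, where SSH_AUTH_SOCK already is the link and a plain rm + ln -s would leave a link pointing at itself.

```shell
#!/bin/sh
# Added example, not the post's own script: a stricter screen-ssh-agent.
# Assumptions: the link lives at $HOME/tmp/socket (the path set in .screenrc
# above); the function names and return codes below are this example's own.

# link_agent_socket AGENT_SOCKET LINK_PATH
# Repoint LINK_PATH at AGENT_SOCKET.  Exit status:
#   0  linked
#   1  no agent socket path given (SSH_AUTH_SOCK unset: nothing to forward)
#   2  AGENT_SOCKET exists but is not a Unix socket
#   3  AGENT_SOCKET is LINK_PATH itself (would create a self-referential link)
#   4  the link directory could not be made private, or LINK_PATH is a directory
#   5  the link could not be created
link_agent_socket() {
    sock=$1
    link=$2
    dir=$(dirname "$link")

    [ -n "$sock" ] || return 1
    # If this hook ever runs inside a screen window, SSH_AUTH_SOCK is already
    # the link; rm + ln -s there would leave a link pointing at itself.
    [ "$sock" != "$link" ] || return 3
    [ -S "$sock" ] || return 2

    # The link must sit in a directory only we can write, or another local user
    # could point it at a socket of their choosing.  (The real socket keeps its
    # own permissions; this only protects the indirection.)
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    [ ! -d "$link" ] || return 4

    # Swap the link in atomically: build it beside the old one, then rename it
    # over the old one, so an ssh started in another window never sees the
    # path missing.  Clean up the temporary name if anything fails.
    tmp="$link.$$"
    ln -s "$sock" "$tmp" && mv -f "$tmp" "$link" || { rm -f "$tmp"; return 5; }
}

# agent_link_ok LINK_PATH
# True when LINK_PATH is a symlink that resolves to a live Unix socket.
agent_link_ok() {
    [ -L "$1" ] && [ -S "$1" ]
}

# Login hook: only act when this login actually has an agent to point at.
if [ -n "${SSH_AUTH_SOCK:-}" ]; then
    link_agent_socket "$SSH_AUTH_SOCK" "$HOME/tmp/socket" ||
        echo "screen-ssh-agent: socket not linked (status $?)" >&2
fi
```

Call it from .login exactly as the original; because of the guards it is also safe to run from .cshrc or by hand inside a window, where the loop case returns 3 instead of breaking the link. After a fresh login, `ls -l ~/tmp/socket` should show the link pointing into the /tmp/ssh-*/agent.* path that sshd made for that session, and `agent_link_ok ~/tmp/socket` succeeds only while that socket is alive.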

One key to rule them all!



1 comment:

Doug said...

This is an old post, but I felt I needed to thank you for posting it. I've been having a terrible time finding a solution to the screen + ssh_agent problem.

Most solutions require manual intervention 'Oh, I logged on from another machine, I need to run ~/.gobble_de_gook'.

This solution works brilliantly for me and has the benefit of requiring no thought whatsoever!