Wednesday, June 16, 2021

Sharing SSH session variables across multiple sessions

In Unix-like systems, we're used to using ssh-agent to hold our private keys, which makes it easier to log into remote systems. When using tmux or screen, it can be difficult to share a single agent across sessions unless you store a few environment variables for later retrieval. Here is a script that makes that possible.

To use this script, save it as $HOME/bin/grabssh (the path the alias below calls) and set the permissions of that file to 0755 if you want to share it, or 0700 if you don't.

#!/bin/sh
#
# Save SSH environment variables for later
# retrieval to keep from having to start
# multiple ssh-agent executables.
#
# Use the following alias to automatically
# reconnect to the "old" session after using
# grabssh. Note that it assumes that your
# private keys all end in '.pem'.
#
# alias fixssh='source $HOME/bin/fixssh_helper 2>/dev/null ; temp="`ssh-add -l >/dev/null 2>/dev/null`" ; if [ $? -ne 0 ] ; then eval "`ssh-agent -s`" ; $HOME/bin/grabssh ; ssh-add $HOME/.ssh/*.pem ; else echo "Reconnected to ssh-agent" ; ssh-add -l ; fi'
#
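SSHVARS="SSH_AUTH_SOCK SSH_AGENT_PID DISPLAY"

# Create the helper file private from the start, not only after chmod.
umask 077

for x in ${SSHVARS} ; do
    # Copy the value of the variable named in $x without word splitting.
    eval "val=\$$x"
    printf 'export %s="%s"\n' "$x" "$val"
done > "$HOME/bin/fixssh_helper"

chmod 600 "$HOME/bin/fixssh_helper"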

echo "Saved SSH auth information for later retrieval"

Make sure that $HOME/bin is in your PATH environment variable so no matter where you are, it'll find this script.

The script itself gives us a suggestion to use an alias in our shell's rc file. In my case, that's .zshrc, but you may be using .bashrc, .kshrc, or some other default file in your home directory. Your mileage may vary but this has been thoroughly tested with zsh and bash.

Example usage (running for the first time):

$ fixssh
command not found: fixssh

This is a good thing. We're not going to mess with any system commands named fixssh. :-)

$ alias fixssh='source $HOME/bin/fixssh_helper 2>/dev/null ; temp="`ssh-add -l >/dev/null 2>/dev/null`" ; if [ $? -ne 0 ] ; then eval "`ssh-agent -s`" ; $HOME/bin/grabssh ; ssh-add $HOME/.ssh/*.pem ; else echo "Reconnected to ssh-agent" ; ssh-add -l ; fi'

This defines the alias suggested in the script's comments (above) for our current shell.

If you don't have any SSH keys, there are lots of articles out there on how to generate SSH keys. I won't duplicate their efforts here.

Now, let's make sure we have a .pem file for it to use. I'll assume that you usually have id_rsa as your primary SSH private key. If there are others, you'll want to follow this same process with each private key file. There is no need to do this with public keys (.pub files).

$ mv $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa.pem

Now we have an SSH key we can use with this system.

$ fixssh
Agent pid 32977
Saved SSH auth information for later retrieval
Identity added: *****.pem (*****.pem)

What happens if you close your ssh session? You can use fixssh again to reconnect to your ssh-agent. What if you open another session in parallel? As above, use fixssh to reconnect to your existing ssh-agent.
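
Because fixssh sources fixssh_helper, whatever that file contains runs in your shell on every reconnect. The following is an added example, not part of the original script: it checks the file's ownership, mode and contents before sourcing it. The names check_helper and load_helper are hypothetical, and it assumes the saved values contain only path-like characters (no spaces).

```shell
#!/bin/sh
# Added example, not the author's code: vet fixssh_helper before sourcing it.
# Assumption: saved values contain only path-like characters (no spaces).

# check_helper FILE: return 0 only if FILE looks safe to source.
check_helper() {
    f=$1
    # Regular file, not a symlink, owned by the current user.
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # No execute bit for the owner and no access at all for group/other.
    case $(ls -ld "$f") in
        -??-------*) ;;
        *) return 1 ;;
    esac
    # Reject the file if any line is not: export NAME="value"
    # for one of the three names grabssh writes.
    if grep -Eqv '^export (SSH_AUTH_SOCK|SSH_AGENT_PID|DISPLAY)="[A-Za-z0-9_./:@-]*"$' "$f"
    then
        return 1
    fi
    return 0
}

# load_helper FILE: source FILE only when check_helper accepts it.
load_helper() {
    if check_helper "$1" ; then
        . "$1"
    else
        echo "refusing to source $1" >&2
        return 1
    fi
}

# Demo on constructed sample files (not real agent data).
demo() {
    d=$(mktemp -d) || return 1
    printf 'export SSH_AUTH_SOCK="/tmp/ssh-EXAMPLE/agent.100"\n' > "$d/ok"
    printf 'export SSH_AUTH_SOCK="/tmp/x" ; echo injected\n' > "$d/tampered"
    chmod 600 "$d/ok" "$d/tampered"
    check_helper "$d/ok" && echo "ok: accepted"
    check_helper "$d/tampered" || echo "tampered: rejected"
    rm -rf "$d"
}
demo
```

With these functions defined in your rc file, the alias can call load_helper on $HOME/bin/fixssh_helper in place of the plain source.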

This is a great tool for folks that need to log into a jumpbox without having to set up their ssh-agent each time.

Note: I found the grabssh and fixssh methods on the web *many* years ago and while I have long since forgotten where that came from, my goal is not to plagiarize that method. This method of using fixssh has evolved greatly from the original. Hats off to the original poster.
