matir/skel
1
0
Fork 0
mirror of https://github.com/Matir/skel.git synced 2026-05-25 21:19:09 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix SSH agent forwarding clobbered by local agent in shenv

Browse Source 
ssh/rc saves the raw forwarded socket in SSH_REMOTE_AUTH_SOCK before
rewriting SSH_AUTH_SOCK to the stable symlink. shenv was ignoring that
variable, so it saw SSH_AUTH_SOCK as "our link" and fell through to the
systemd lookup, which could overwrite the symlink with a local agent
socket and silently drop the forwarded one.

Now shenv checks SSH_REMOTE_AUTH_SOCK first, giving forwarded sockets
priority over any local agent.

https://claude.ai/code/session_01RhXaFzxJA5D2BcGcz18ipA
This commit is contained in:
Claude
2026-04-19 01:43:12 +00:00
parent 1804357162
commit 6b50be84a9
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dotfiles/shenv
View File

@@ -113,8 +113,12 @@ _is_link_path() {
_CANDIDATE="" _CANDIDATE=""
# 1. If current environment has a valid socket that is NOT our link, it's a prime candidate (e.g. SSH forwarding). # 1. Highest priority: ssh/rc sets SSH_REMOTE_AUTH_SOCK to the raw forwarded socket before
if [ -S "${SSH_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_AUTH_SOCK}"; then # rewriting SSH_AUTH_SOCK to the stable symlink, so it survives the rewrite.
if [ -S "${SSH_REMOTE_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_REMOTE_AUTH_SOCK}"; then
_CANDIDATE="${SSH_REMOTE_AUTH_SOCK}"
# If current environment has a valid socket that is NOT our link, it's a prime candidate (e.g. SSH forwarding).
elif [ -S "${SSH_AUTH_SOCK:-}" ] && ! _is_link_path "${SSH_AUTH_SOCK}"; then
_CANDIDATE="${SSH_AUTH_SOCK}" _CANDIDATE="${SSH_AUTH_SOCK}"
fi fi