Why Reset Environment Variables in tmux When Re-attaching? – Explained

environment-variablesshelltmux

I mainly work on a mac and ssh/tmux attach to a Linux machine to do my work. I have ssh-agent running on the Linux machine. I have

set -g update-environment "SSH_AUTH_SOCK SSH_ASKPASS WINDOWID SSH_CONNECTION XAUTHORITY"

in my .tmux.conf. Yet, whenever I re-attach to this session, I have to run

tmux setenv SSH_AUTH_SOCK $SSH_AUTH_SOCK

in order for new tmux windows to have $SSH_AUTH_SOCK set correctly. I would prefer to not have to do this. Any ideas?

Update

I think I'm not explaining this well. Here's my shell function to open a shell on a remote machine:

sshh () {
    tmux -u neww -n ${host} "ssh -Xt ${host} $*"
}

When tmux runs this ssh command, $SSH_AUTH_SOCK is not set, even though it is set in my local environment. If I put this in tmux's environment with the setenv command above, everything works fine. My question is, why do I have to run the setenv command at all?

Update 2

More information:

When I attach to an existing session, $SSH_AUTH_SOCK is not set in the tmux environment (or global environment).

% tmux showenv | grep -i auth_sock
-SSH_AUTH_SOCK

If I set it manually, things work:

% tmux setenv SSH_AUTH_SOCK $SSH_AUTH_SOCK

If I detach and re-attach, $SSH_AUTH_SOCK goes back to not being set.

Best Answer

Since I received the Bounty, I'll repost my key-comment for completeness sake - and to avoid setting visitors with the same problem on the wrong track:

Tmux will remove Environment Variables

Tmux' man page states that update-environment will remove variables "that do not exist in the source environment [...] as if -r was given to the set-environment command".

Apparently that what caused the issue. See Chris' response below. However, I still can't imagine how the variable could be absent in the "source environment" and yet be valid in the newly created tmux window...

Previous Answer:

How SSH forwarding works

On the remote machine, take a look at the environment of your shell after establishing the SSH connection:

user@remote:~$ env | grep SSH
SSH_CLIENT=68.38.123.35 45926 22
SSH_TTY=/dev/pts/0
SSH_CONNECTION=68.38.123.35 48926 10.1.35.23 22
SSH_AUTH_SOCK=/tmp/ssh-hRNwjA1342/agent.1342

The important one here is SSH_AUTH_SOCK which is currently set to some file in /tmp. If you examine this file, you'll see that it's a Unix domain socket -- and is connected to the particular instance of ssh that you connected in on. Importantly, this changes every time you connect.

As soon as you log out, that particular socket file is gone. Now, if you go and reattach your tmux session, you'll see the problem. It has the environment from when tmux was originally launched -- which could have been weeks ago. That particular socket is long since dead.

Solution

Since we know the problem has to do with knowing where the currently live SSH authentication socket is, let's just put it in a predictable place!

In your .bashrc or .zshrc file on the remote machine, add the following:

# Predictable SSH authentication socket location.
SOCK="/tmp/ssh-agent-$USER-screen"
if test $SSH_AUTH_SOCK && [ $SSH_AUTH_SOCK != $SOCK ]
then
    rm -f /tmp/ssh-agent-$USER-screen
    ln -sf $SSH_AUTH_SOCK $SOCK
    export SSH_AUTH_SOCK=$SOCK
fi

I don't think you even have to put an 'update-environment command' in your tmux.conf. According to the man page, SSH_AUTH_SOCK is already covered by default.

Credit

My response is an excerpt of this blog post by Mark 'xb95' Smith who explains the same problem for screen.

Related Question