diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-14 12:53:48 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-14 12:53:48 +0100 |
| commit | 26616fced56d7d4b18ec4f3157a65366be35f90f (patch) | |
| tree | dcd2b02fc6654e9a65406e4c2e931fd1908c9740 | |
| parent | 8e5f5efc70680128545d26864263e5628fc74276 (diff) | |
| download | dotfiles-26616fced56d7d4b18ec4f3157a65366be35f90f.tar.gz dotfiles-26616fced56d7d4b18ec4f3157a65366be35f90f.tar.bz2 dotfiles-26616fced56d7d4b18ec4f3157a65366be35f90f.zip | |
fix(zsh): preserve forwarded SSH_AUTH_SOCK in SSH sessions
zprofile unconditionally pointed SSH_AUTH_SOCK at the local
gpg-agent's ssh socket. On remote machines (e.g. remote-dev VM)
that clobbers ssh-agent forwarding — `ssh-add -L` reports no
identities because the VM's gpg-agent has no keys.
Only override when there's no forwarded socket (no $SSH_CONNECTION
or no $SSH_AUTH_SOCK from sshd).
| -rw-r--r-- | dot_config/zsh/dot_zprofile | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/dot_config/zsh/dot_zprofile b/dot_config/zsh/dot_zprofile index 3c824d3..c02d15a 100644 --- a/dot_config/zsh/dot_zprofile +++ b/dot_config/zsh/dot_zprofile @@ -41,8 +41,12 @@ export LESS="-F --RAW-CONTROL-CHARS" # ── GPG / SSH ───────────────────────────────────────────────────────────────── unset SSH_AGENT_PID -SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" -export SSH_AUTH_SOCK +# If we're inside an SSH session with a forwarded agent socket, keep it. +# Otherwise route SSH auth through the local gpg-agent. +if [[ -z "$SSH_CONNECTION" || -z "$SSH_AUTH_SOCK" ]]; then + SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" + export SSH_AUTH_SOCK +fi # ── FZF ─────────────────────────────────────────────────────────────────────── export FZF_DEFAULT_COMMAND="fd --type file --follow --hidden --exclude .git --color=always" |