diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-22 10:41:24 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-22 10:41:24 +0100 |
| commit | 982d180f9b9a2f8a90d454816474dce8d4b4b8e2 (patch) | |
| tree | f21a97bbb74eca554775b37fb9faed23bbbfd315 /dot_config/zsh/dot_zprofile | |
| parent | 6b7e057bd4fc2cbdffe5fc8b3095810db1ccf9e3 (diff) | |
| download | dotfiles-982d180f9b9a2f8a90d454816474dce8d4b4b8e2.tar.gz dotfiles-982d180f9b9a2f8a90d454816474dce8d4b4b8e2.tar.bz2 dotfiles-982d180f9b9a2f8a90d454816474dce8d4b4b8e2.zip | |
fix(ssh): make agent.sock symlink concurrent-connection-safe
Previously every new login retargeted ~/.ssh/agent.sock to its own
per-connection forwarded socket. That broke a multi-connection setup
when the most-recent connection (which 'won' the symlink) dropped:
all surviving connections' panes would point at a dead socket until a
fresh login from a surviving connection re-ran zprofile.
zprofile: only retarget when the existing symlink target is dead
(sshd unlinks the per-connection socket on disconnect, so [[ -S ]] on
the resolved path is a reliable liveness probe). First connection
seeds the symlink, subsequent logins keep using it.
ssh-agent-refresh: scan /tmp/ssh-*/agent.* for any live forwarded
socket and retarget to the first that responds to ssh-add. Lets the
surviving connection recover without waiting for a new login shell.
Diffstat (limited to 'dot_config/zsh/dot_zprofile')
| -rw-r--r-- | dot_config/zsh/dot_zprofile | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/dot_config/zsh/dot_zprofile b/dot_config/zsh/dot_zprofile index b0f7089..7b79af0 100644 --- a/dot_config/zsh/dot_zprofile +++ b/dot_config/zsh/dot_zprofile @@ -64,11 +64,18 @@ unset SSH_AGENT_PID # git-fetch keep working without any per-pane re-export. if [[ -n "$SSH_CONNECTION" && -S "$SSH_AUTH_SOCK" ]]; then stable_sock="$HOME/.ssh/agent.sock" - if [[ "$SSH_AUTH_SOCK" != "$stable_sock" ]]; then + # Only retarget if the current symlink target is dead. Sshd unlinks + # the per-connection socket file on disconnect, so [[ -S ]] on the + # resolved path is a reliable liveness probe. Avoiding gratuitous + # retargets keeps multi-connection setups stable: the first + # connection seeds the symlink, subsequent logins keep using it, + # and only if that connection drops does the next login retarget. + current_target="$(readlink "$stable_sock" 2>/dev/null)" + if [[ ! -S "$current_target" ]]; then ln -sfn "$SSH_AUTH_SOCK" "$stable_sock" fi export SSH_AUTH_SOCK="$stable_sock" - unset stable_sock + unset stable_sock current_target else # Local login: route ssh auth through gpg-agent. SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" |