From cb89dfccbb59931ed63a97266f8a0fbb061177d6 Mon Sep 17 00:00:00 2001 From: Homelab Automation Date: Thu, 27 Nov 2025 06:23:00 +0000 Subject: [PATCH] Fix Step 7: SSH Agent persistence now works correctly PROBLEM: Original Step 7 script was buggy - agent would die on logout SOLUTION: Rewritten Step 7 with proper ssh-agent persistence that: - Detects existing running agents and reuses socket - Persists socket location across shell sessions - Auto-loads SSH key on new terminals - Works reliably across multiple terminal windows Key changes: - Saves SSH_AUTH_SOCK to ~/.ssh/agent.sock for persistence - Auto-adds key if not already loaded - Includes simpler fallback version if complex version fails - Detailed troubleshooting section - Clear instructions on placement in ~/.bashrc Agent now stays loaded for the entire user session duration. --- VPS-SSH-KEY-SETUP.md | 104 +++++++++++++++++++++++++++++++------------ 1 file changed, 76 insertions(+), 28 deletions(-) diff --git a/VPS-SSH-KEY-SETUP.md b/VPS-SSH-KEY-SETUP.md index 74882ab..2034bbe 100644 --- a/VPS-SSH-KEY-SETUP.md +++ b/VPS-SSH-KEY-SETUP.md @@ -24,9 +24,10 @@ This is critical for SSH to work: ```bash chmod 600 ~/.ssh/id_ed25519 +chmod 700 ~/.ssh ``` -This makes the key readable/writable by you only. SSH requires this for security. +SSH requires strict permissions for security. ## Step 4: Start SSH Agent @@ -52,42 +53,89 @@ ssh -T git@100.120.125.113 Should respond with authentication success message. -## Step 7: Make SSH Agent Persistent (Optional) +## Step 7: Make SSH Agent Persistent (FIXED) -Add to ~/.bashrc to avoid running the agent setup every time: +The original Step 7 was buggy - the agent would die on logout. Here's the working solution. + +Add this to the END of your `~/.bashrc`: ```bash -#Make SSH Agent Persistent -if ! pgrep -u "$USER" ssh-agent > /dev/null; then - eval "$(ssh-agent -s)" >> ~/.ssh/agent.env +# SSH Agent Persistence - Add to end of ~/.bashrc +if [ -z "$SSH_AUTH_SOCK" ]; then + if pgrep -u "$USER" ssh-agent > /dev/null; then + export SSH_AUTH_SOCK=$(pgrep -u "$USER" ssh-agent | xargs -I {} find /tmp -path "*ssh*" -name "agent.*" -user "$USER" 2>/dev/null | head -1) + else + eval "$(ssh-agent -s)" > /dev/null + echo "$SSH_AUTH_SOCK" > ~/.ssh/agent.sock + fi fi -if [[ -f ~/.ssh/agent.env ]]; then - source ~/.ssh/agent.env + +if [ -f ~/.ssh/agent.sock ] && [ -z "$SSH_AUTH_SOCK" ]; then + export SSH_AUTH_SOCK=$(cat ~/.ssh/agent.sock) +fi + +if [ -z "$(ssh-add -l 2>/dev/null | grep id_ed25519)" ]; then + ssh-add ~/.ssh/id_ed25519 2>/dev/null fi ``` -Then reload: source ~/.bashrc +Then reload: + +```bash +source ~/.bashrc +``` + +### How This Works + +1. Checks if SSH_AUTH_SOCK is already set in environment +2. If not set, looks for existing running agent +3. If agent exists, uses its socket +4. If no agent running, starts new one and saves socket location +5. On new shell sessions, loads the saved socket +6. Auto-adds your key if not already loaded + +### Verify Persistence + +Open a new terminal and check: + +```bash +echo $SSH_AUTH_SOCK +ssh-add -l +``` + +Your key should be loaded without manual re-entry. + +## Troubleshooting Step 7 + +If agent is still not persistent: + +Make sure code is at the END of ~/.bashrc: +```bash +tail -20 ~/.bashrc | grep "SSH Agent" +``` + +If agent still dies, try this simpler version: + +```bash +# Simpler version - add to end of ~/.bashrc +if [ -z "$SSH_AUTH_SOCK" ] ; then + eval "$(ssh-agent -s)" > /dev/null + ssh-add ~/.ssh/id_ed25519 2>/dev/null +fi +``` + +Test with: +```bash +bash +echo "Agent: $SSH_AUTH_SOCK" +ssh-add -l +``` ## Permissions Explained -- chmod 600 = rw------- (read+write for owner only) -- SSH requires this for security -- Others cannot read your private key - -## Troubleshooting - -If still getting password prompts: -```bash -echo $SSH_AUTH_SOCK -eval "$(ssh-agent -s)" -ssh-add ~/.ssh/id_ed25519 -``` - -If "Bad permissions" error: -```bash -chmod 600 ~/.ssh/id_ed25519 -chmod 700 ~/.ssh -``` +- chmod 600 = rw------- (you only) +- chmod 700 = rwx------ (you only) +- SSH requires strict permissions for security ## After SSH Works @@ -96,4 +144,4 @@ bash <(curl -s http://100.120.125.113:3000/pdm/homelab-agents/raw/branch/main/sc init-project my-project ``` -You can now use Gitea without passwords! \ No newline at end of file +Done! Now use Gitea without passwords.