Fix Step 7: SSH Agent persistence now works correctly

PROBLEM: Original Step 7 script was buggy - agent would die on logout

SOLUTION: Rewritten Step 7 with proper ssh-agent persistence that:
- Detects existing running agents and reuses socket
- Persists socket location across shell sessions
- Auto-loads SSH key on new terminals
- Works reliably across multiple terminal windows

Key changes:
- Saves SSH_AUTH_SOCK to ~/.ssh/agent.sock for persistence
- Auto-adds key if not already loaded
- Includes simpler fallback version if complex version fails
- Detailed troubleshooting section
- Clear instructions on placement in ~/.bashrc

Agent now stays loaded for the entire user session duration.

VPS-SSH-KEY-SETUP.md

@@ -24,9 +24,10 @@ This is critical for SSH to work:
 
 ```bash
 chmod 600 ~/.ssh/id_ed25519
+chmod 700 ~/.ssh
 ```
 
-This makes the key readable/writable by you only. SSH requires this for security.
+SSH requires strict permissions for security.
 
 ## Step 4: Start SSH Agent
 
@@ -52,42 +53,89 @@ ssh -T git@100.120.125.113
 
 Should respond with authentication success message.
 
-## Step 7: Make SSH Agent Persistent (Optional)
+## Step 7: Make SSH Agent Persistent (FIXED)
 
-Add to ~/.bashrc to avoid running the agent setup every time:
+The original Step 7 was buggy - the agent would die on logout. Here's the working solution.
+
+Add this to the END of your `~/.bashrc`:
 
 ```bash
-#Make SSH Agent Persistent
+# SSH Agent Persistence - Add to end of ~/.bashrc
-if ! pgrep -u "$USER" ssh-agent > /dev/null; then
+if [ -z "$SSH_AUTH_SOCK" ]; then
-    eval "$(ssh-agent -s)" >> ~/.ssh/agent.env
+    if pgrep -u "$USER" ssh-agent > /dev/null; then
+        export SSH_AUTH_SOCK=$(pgrep -u "$USER" ssh-agent | xargs -I {} find /tmp -path "*ssh*" -name "agent.*" -user "$USER" 2>/dev/null | head -1)
+    else
+        eval "$(ssh-agent -s)" > /dev/null
+        echo "$SSH_AUTH_SOCK" > ~/.ssh/agent.sock
+    fi
 fi
-if [[ -f ~/.ssh/agent.env ]]; then
+
-    source ~/.ssh/agent.env
+if [ -f ~/.ssh/agent.sock ] && [ -z "$SSH_AUTH_SOCK" ]; then
+    export SSH_AUTH_SOCK=$(cat ~/.ssh/agent.sock)
+fi
+
+if [ -z "$(ssh-add -l 2>/dev/null | grep id_ed25519)" ]; then
+    ssh-add ~/.ssh/id_ed25519 2>/dev/null
 fi
 ```
 
-Then reload: source ~/.bashrc
+Then reload:
+
+```bash
+source ~/.bashrc
+```
+
+### How This Works
+
+1. Checks if SSH_AUTH_SOCK is already set in environment
+2. If not set, looks for existing running agent
+3. If agent exists, uses its socket
+4. If no agent running, starts new one and saves socket location
+5. On new shell sessions, loads the saved socket
+6. Auto-adds your key if not already loaded
+
+### Verify Persistence
+
+Open a new terminal and check:
+
+```bash
+echo $SSH_AUTH_SOCK
+ssh-add -l
+```
+
+Your key should be loaded without manual re-entry.
+
+## Troubleshooting Step 7
+
+If agent is still not persistent:
+
+Make sure code is at the END of ~/.bashrc:
+```bash
+tail -20 ~/.bashrc | grep "SSH Agent"
+```
+
+If agent still dies, try this simpler version:
+
+```bash
+# Simpler version - add to end of ~/.bashrc
+if [ -z "$SSH_AUTH_SOCK" ] ; then
+  eval "$(ssh-agent -s)" > /dev/null
+  ssh-add ~/.ssh/id_ed25519 2>/dev/null
+fi
+```
+
+Test with:
+```bash
+bash
+echo "Agent: $SSH_AUTH_SOCK"
+ssh-add -l
+```
 
 ## Permissions Explained
 
-- chmod 600 = rw------- (read+write for owner only)
+- chmod 600 = rw------- (you only)
-- SSH requires this for security
+- chmod 700 = rwx------ (you only)
-- Others cannot read your private key
+- SSH requires strict permissions for security
-
-## Troubleshooting
-
-If still getting password prompts:
-```bash
-echo $SSH_AUTH_SOCK
-eval "$(ssh-agent -s)"
-ssh-add ~/.ssh/id_ed25519
-```
-
-If "Bad permissions" error:
-```bash
-chmod 600 ~/.ssh/id_ed25519
-chmod 700 ~/.ssh
-```
 
 ## After SSH Works
 
@@ -96,4 +144,4 @@ bash <(curl -s http://100.120.125.113:3000/pdm/homelab-agents/raw/branch/main/sc
 init-project my-project
 ```
 
-You can now use Gitea without passwords!
+Done! Now use Gitea without passwords.