tmux: Cannot SSH from inside tmux, even though I have agent-forwarding (ssh -A) on

So I have keys to some servers stored locally on my MacBook, but I work from inside a Virtual Machine a considerable amount of time, so I SSH to the VM with ssh -A. This allows me to SSH to servers from inside the VM.

I recently started using tmux to manage my terminal windows better, but I’ve discovered an odd problem. While the initial window I open in tmux can use SSH, any additional opened windows cannot. ssh-add shows that from inside this tmux window no connection can be opened to my SSH agent. Any ideas how to make tmux play nicely with SSH agent-forwarding?

How to solve:

Method 1

When you open a second connection to your VM, it will use a different SSH_AUTH_SOCK environment variable, but tmux and the processes under it will only know the old value.

When you attach to an existing session, tmux can tell the master process to update some environment variables. SSH_AUTH_SOCK is already in the list, but you can add custom ones in ~/.tmux.conf:

    set -ga update-environment " FOO BAR"

However, this will only affect new tmux windows opened by prefix c. It is impossible for tmux to update the environment of already running processes (shells, etc).


With OpenSSH you can reuse the same SSH connection for multiple sessions, retaining SSH_AUTH_SOCK.

  1. Start a master connection:

    ssh -AfNMS ~/.ssh/myvmhostname.socket myvmhostname
    
  2. Open a session over it:

    ssh -S ~/.ssh/myvmhostname.socket myvmhostname
    

(For automation of -M and -S, refer to ControlMaster/ControlPath in the ssh_config manual page.)

Method 2

Hi, I know this is an old question, but I found this page basically saying add this to your .bashrc file on your VM. Basically it links your SSH socket to a predictable target. TBH this may be a security issue, but I don't think it should be a huge one if you are the machine admin (I am no expert on security, however):

(From marks blog)

In your .bashrc or .zshrc file, add the following:

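# Predictable SSH authentication socket location.
SOCK="/tmp/ssh-agent-$USER-screen"
# Quote the variables so an empty or space-containing value cannot break the test.
if [ -n "$SSH_AUTH_SOCK" ] && [ "$SSH_AUTH_SOCK" != "$SOCK" ]
then
    # Re-point the link at the newest forwarded socket; export only if that worked.
    ln -sf "$SSH_AUTH_SOCK" "$SOCK" && export SSH_AUTH_SOCK="$SOCK"
fi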
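
A hardened variant of the stable-symlink idea from Method 2, as an added example that is not part of the original answers: it keeps the link in the user's own ~/.ssh instead of /tmp and only links a socket that the current user owns. The function name link_agent_sock and the path ~/.ssh/agent.sock are assumptions.

```bash
# Added example, not from the original answers. Assumed names: the function
# link_agent_sock and the stable path ~/.ssh/agent.sock.

# link_agent_sock SRC LINK
#   Point LINK at the forwarded agent socket SRC, but only when that is safe.
#   Returns 0 if LINK is usable; otherwise non-zero and nothing is changed.
link_agent_sock() {
    # No agent forwarded on this login: keep whatever link already exists.
    [ -n "$1" ] || return 1
    # A shell started inside tmux already has the stable path: nothing to do.
    [ "$1" = "$2" ] && return 0
    # SRC must be a socket owned by us, not a path someone else planted.
    [ -S "$1" ] && [ -O "$1" ] || return 2
    # LINK's directory must be ours and not group/other writable; in a shared
    # directory such as /tmp another local user could create the name first.
    _las_dir=$(dirname -- "$2")
    [ -d "$_las_dir" ] && [ -O "$_las_dir" ] || return 3
    case $(ls -ld -- "$_las_dir") in
        ?????w*|????????w*) return 3 ;;   # group-write or other-write bit set
    esac
    # -n: replace the old link itself instead of following it.
    ln -sfn -- "$1" "$2"
}

# In ~/.bashrc or ~/.zshrc on the VM: only interactive shells re-point the link.
case $- in
    *i*)
        if link_agent_sock "${SSH_AUTH_SOCK:-}" "$HOME/.ssh/agent.sock"; then
            export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
        fi
        ;;
esac
```

Each new `ssh -A` login re-points the link, so shells already running inside tmux keep a working SSH_AUTH_SOCK without being restarted.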


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
