I’m using bastion hosts for my cloud infra and found this little hack to systemd to setup ssh-agent for my auth forwarding.
what is it?
systemd
systemd is an init system used in Linux distributions to bootstrap the user space and manage all processes subsequently, instead of the UNIX System V or Berkeley Software Distribution (BSD) init systems. The name systemd adheres to the Unix convention of naming daemons by appending the letter d.
ssh-agent
SSH is a protocol allowing secure remote login to a computer on a network using public-key cryptography. … Therefore, users run a program called ssh-agent that runs the duration of a local login session, stores unencrypted keys in memory, and communicates with SSH clients using a Unix domain socket.
where to start
Create a systemd user service, by putting the following to ~/.config/systemd/user/ssh-agent.service:
Setup shell to have an environment variable for the socket (.bash_profile, .zshrc, …):
Enable the service, so it’ll be started automatically on login, and start it:
Add the following configuration setting to your ssh config file ~/.ssh/config (this works since SSH 7.2):
This will instruct the ssh client to always add the key to a running agent, so there’s no need to ssh-add it beforehand.