On Tue 2015-10-20 03:08:11 -0400, hubert depesz lubaczewski wrote: > If I run tmux locally, and my network connection dies, then I lose what > I was doing on remote host. > Tmux is there to protect me from losing work (let's say, in the middle > of datbase upgrade) due to network issues). if you want that kind of protection, run tmux (or GNU screen) on the remote host itself. that will protect you from outages on the jumphost as well. > I'm concerned about safety (someone having access to my agent socket, > shouldn't really have access to all my keys), and convenience (not > having to retype the password every time). a local ssh agent, not forwarded, with a controlMaster socket for the jumphost, and your keys loaded with confirmation prompt seems like the solution that would solve the most problems: ~/.ssh/config: -------------- Host jumphost.example ControlMaster autoask ControlPath ~/.ssh/masters/%r@%h:%p ProxyCommand none Host *.example ProxyCommand ssh -W %h:%p jumphost.example -------------- Before connecting, ensure that ssh-agent is running and do: ssh-add -c /path/to/my/key You'll have to type your password exactly once. When you get a prompt for the use of your key, or a prompt to use the control master, you can just hit "OK" or type "yes". if your workflow is just to connect to one remote machine from your local computer, do: ssh -t foo.example tmux If your workflow is to connect to multiple machines, start with: ssh jumphost.example and leave that session open while you do the rest of your work from your local computer.: ssh -t foo.example tmux ssh -t bar.example tmux hth, --dkg _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev