Each time you ssh into
bastion01, a different socket is opened to handle the key forwarding. You can see the filename in the environment variable
SSH_AUTH_SOCK. When you start
tmux, the value of that environment variable is included in
tmux‘s global environment, which is inherited by any shells started in that session.
Now, when you reconnect to
bastion01 later, a different socket is allocated to handle your key forwarding (since it’s a new ssh session). You can see this by examining the value of
SSH_AUTH_SOCK before you re-attach to your
tmux session and after. In order for key forwarding to work inside
tmux, you need to update the value of
tmux to the name of the socket being used by the current ssh session.
A quick-and-dirty way to do this is to write a short script that will save this new value to a file, and execute that inside any
tmux window where you will be
#!/bin/bash echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > ~/.auth_ssh
Execute that script as soon as you ssh into
bastion01, but before you re-attach to your tmux session. Then, before you try to ssh anywhere from inside
tmux, run the following:
tmux window has its own environment, so you’ll need to run that in each window where you try to run ssh. For simplicity, you can alias ssh to do it for you:
alias ssh="source ~/.auth_ssh; ssh"
Note: this is a gross oversimplification of a script we use at work to update the SSH authorization information. If it doesn’t work quite right, I hope this at least gives you enough information to google a better solution (or someone else posts a better solution here).