
[SSH] "Could not open a connection to your authentication agent" error

I am trying to add ssh keys into my ssh agent. I start by making sure that the ssh-agent is running.

exec ssh-agent bash

I make sure that ssh-agent is running.

ps axu | grep [s]sh

and get the following

root 1562 ... ssh-agent bash

The env variables are set correctly.

SSH_AGENT_PID=1562

SSH_AUTH_SOCK=/tmp/ssh-699iHAxuK4xX/agent.1561

However, when I try to add the private key using

sudo ssh-add ~/.ssh/peter-key

I get the ssh error

Could not open a connection to your authentication agent.

I have tried the suggestions on Stack Overflow and Server Fault but nothing.

Note: I am running a Linux machine on one of the free tier AWS machines with Ubuntu. My instance's security group allows (temporarily) all incoming and outgoing ssh connections from any IP address. Anyone know what the error could be?

Wakahiu Njenga

1 Answer


Just use

ssh-add ~/.ssh/peter-key

...not...

sudo ssh-add ~/.ssh/peter-key

Using sudo (optionally/configurably, but typically) clears a number of environment variables, including the ones you just verified were set. (Compare output of sudo env and plain env to see this effect).

If you must use sudo to read the key, then you can ensure that the necessary environment variable is set on the other side by doing so explicitly yourself:

sudo env "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" ssh-add ~/.ssh/peter-key

However, it's possible for security-sensitive programs working with UNIX domain sockets to check the ownership and permission of software on the other end of that socket, and to refuse to communicate with anything running on a user account different from what they expect, so it's possible that this approach may not be future-proof against security features added to ssh-agent.

Charles Duffy
  • It would seem that `env` may not be necessary here according to a quick look at the man page (also using `env` changes which command is checked against sudo policy doesn't it? Just in case that matters.). – Etan Reisner May 21 '15 at 23:07
  • @EtanReisner, true, but to allow overriding the environment with `sudo var=value commandname ...` *also* requires appropriate configuration in the sudoers file. Also, frankly, `sudo` can be configured so many different ways that I prefer to take it out of the picture as early in the process as possible; the behavior of `env` is far less variable. – Charles Duffy May 21 '15 at 23:08
  • Fair enough (barring an environment that specifically allows `ssh-add` or whatever and disallows `env` at least). Needing `sudo` for `ssh-add` seems odd to begin with. – Etan Reisner May 21 '15 at 23:50
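
The comparison the answer suggests (plain `env` against `sudo env`) and a check of the socket that `ssh-add` depends on, as an added shell example that is not part of the original answer. The function names and the two sample dumps are constructed, reusing the values shown in the question.

```shell
#!/bin/sh
# Added example: function names and the sample dumps are constructed.

# Names of variables present in env dump $1 but absent from dump $2,
# e.g. $1 = saved output of `env`, $2 = saved output of `sudo env`.
# Assumes one NAME=value per line (no multi-line values).
dropped_vars() {
    after=$(cut -d= -f1 "$2" | sort -u)
    cut -d= -f1 "$1" | sort -u | while IFS= read -r name; do
        printf '%s\n' "$after" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Why ssh-add can or cannot reach the agent from the current environment.
# Prints one of: unset, missing, not-socket, foreign-owner, ok
agent_sock_status() {
    sock=${SSH_AUTH_SOCK-}
    if [ -z "$sock" ]; then echo unset; return 1; fi
    if [ ! -e "$sock" ]; then echo missing; return 1; fi
    if [ ! -S "$sock" ]; then echo not-socket; return 1; fi
    # The answer's caveat: the socket belongs to a different account.
    if [ ! -O "$sock" ]; then echo foreign-owner; return 1; fi
    echo ok
}

# Constructed dumps: the caller's environment and a reset one as sudo may pass.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'HOME=/home/peter' 'SSH_AGENT_PID=1562' \
        'SSH_AUTH_SOCK=/tmp/ssh-699iHAxuK4xX/agent.1561' 'TERM=xterm' > "$tmp/user.env"
    printf '%s\n' 'HOME=/root' 'SUDO_USER=peter' 'TERM=xterm' > "$tmp/sudo.env"
    dropped_vars "$tmp/user.env" "$tmp/sudo.env"
    rm -rf "$tmp"
}

demo
agent_sock_status || true
```

On a real host, save `env` and `sudo env` to two files and pass them to `dropped_vars`; a status of `unset` from `agent_sock_status` corresponds to the error in the question.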