Skip to content

fix: escape dollar sign in SSH Match exec directive #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lox merged 1 commit into from
Oct 5, 2025
Merged

fix: escape dollar sign in SSH Match exec directive #53

lox merged 1 commit into from
Oct 5, 2025

Conversation

@lox
Copy link
Owner

@lox lox commented Oct 5, 2025
edited
Loading

Summary

Check SSH_CONNECTION instead of SSH_AUTH_SOCK to detect SSH sessions

Problem

The Match exec directive had quote parsing errors, and checking SSH_AUTH_SOCK doesn't work because macOS sets it to a default agent that lacks the necessary keys.

Solution

Use SSH_CONNECTION to detect if we're in an SSH session:

Match host * exec "sh -c 'test -z \"$SSH_CONNECTION\"'"
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Logic:

  • SSH_CONNECTION is empty → Local machine → Use 1Password
  • SSH_CONNECTION is set → In SSH session → Skip 1Password, use forwarded agent

Behavior

Context SSH_CONNECTION Agent Used
Local machine Empty 1Password ✓
GUI apps Empty 1Password ✓
ssh -A (forwarded) Set Forwarded agent ✓

Fixes #51

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Oct 5, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

@lox lox force-pushed the fix-ssh-match-exec-escaping branch from bc7488b to 1bc283a Compare October 5, 2025 10:05
@lox
fix: use SSH_CONNECTION to detect forwarded agents
2c04d6e 
Check SSH_CONNECTION instead of SSH_AUTH_SOCK to determine if we're in an
SSH session. This handles the case where SSH_AUTH_SOCK is set to a system
agent that doesn't have the needed keys.

Logic:
- SSH_CONNECTION empty (local machine) → Use 1Password IdentityAgent
- SSH_CONNECTION set (SSH session) → Skip IdentityAgent, use forwarded agent

Match host * exec "sh -c 'test -z \"$SSH_CONNECTION\"'"
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

This ensures:
- Local sessions always use 1Password
- ssh -A properly uses forwarded agent
- GUI apps use 1Password
@lox lox force-pushed the fix-ssh-match-exec-escaping branch from 1bc283a to 2c04d6e Compare October 5, 2025 10:37
@lox lox merged commit 8f2d705 into main Oct 5, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lox