Fixing Broken SSH / X11 Forwarding with tmux (and fish!)
When you resume a tmux session on a remote server, tmux aims to restore the environment exactly as it was when you left. That’s great, except when you need things to change.
The SSH_AUTH_SOCK and DISPLAY environment variables are set by SSH when the connection is established, and are inherited by your shell upon initial creation. When resuming a session, the underlying SSH connection has updated environment variables, but your shell doesn’t get them because tmux dutifully preserved the environment.
So when you get
Permission denied (publickey).
fatal: Could not read from remote repository.or (for DISPLAY issue):
cannot open displaybut the same command works when you open a new window or tab, it’s probably because the environment variables are stale.
So how do we fix this? For SSH, some folks believe that the socket shouldn’t really move and so they make a symlink at a static path and update the symlink when possible. Unfortunately I don’t think that works for X11 forwarding.
Another option is to ask tmux for the current environment variables and pull them into our shell. tmux provides tmux showenv to retrieve the current environment variables and will even format them for Bash consumption. To refresh SSH and DISPLAY variables in Bash:
eval $(tmux showenv -s | grep -E '^(SSH|DISPLAY)')For fish shell it requires some regex gymnastics. This is what I came up with:
tmux showenv -s | string replace -rf '^((?:SSH|DISPLAY).*?)=(".*?"); export.*' 'set -gx $1 $2' | sourceYou can put that in a function and call it each time something is broken, but I like the idea of never having to think about it. The best way I’ve found to have it be automatically fixed is to run the above before every interactive command, called from a hook called preexec.
Unfortunately traditional Bash doesn’t seem to have a preexec hook (could try bash-preexec), but zsh supports it natively. In .zshrc on the remote server:
function refresh_tmux_vars {
if [ -n "$TMUX" ]; then
eval $(tmux showenv -s | grep -E '^(SSH|DISPLAY)')
fi
}function preexec {
refresh_tmux_vars
}
And here’s the same for fish in ~/.config/fish/functions/refresh_tmux_vars.fish on the remote server:
function refresh_tmux_vars --on-event="fish_preexec"
if set -q TMUX
tmux showenv -s | string replace -rf '^((?:SSH|DISPLAY).*?)=(".*?"); export.*' 'set -gx $1 $2' | source
end
endHappy tmuxing!
— — — —
Additional reading:
Renew environment variables in tmux
Reconciling Tmux and SSH Agent Forwarding
SSH agent forwarding and screen
How to auto-update SSH agent environment variables when attaching to existing tmux sessions
![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="30" height="20"><rect fill-opacity="0"/></svg>)
