This is a static render of the Sixohthree Wiki

SSH Agent Forwarding

12th December 2023 at 4:19pm

This page describes my SSH Agent forwarding setup, which works well with ControlMaster (connection sharing) and tmux(1).

Client setup

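Set up ControlMaster with a custom ControlPath so we don't hit path length limits. Note that ssh_config(5) recommends placing ControlPath in a directory that is not writable by other users, so on a shared machine a directory under ~/.ssh is a safer choice than /tmp.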

Host *
    ControlMaster auto
    ControlPath /tmp/ssh-annika-%r@%h:%p
    ControlPersist 600

I use keychain with the ohmyzsh plugin. Adjust to your needs (agents, key names, timeout). I use a custom --host so that session filenames don't change when I connect to my VPN.

plugins+=(keychain)
zstyle :omz:plugins:keychain agents ssh,gpg
zstyle :omz:plugins:keychain options --quiet id_rsa --timeout 600 --host foo

Server setup

~/.ssh/rc ensures any new SSH session creates the "auth sock" file in a consistent location, so my tmux doesn't need to update an environment variable. This works fine for my needs.

if [ -S "$SSH_AUTH_SOCK" ]; then
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
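
A hardened variant of the ~/.ssh/rc snippet above, as an added example that is not part of the original page: it links only a real socket owned by the current user and renames the new symlink into place, so tmux never sees the path missing. The function name link_agent_sock is hypothetical.

```shell
#!/bin/sh
# Added example: hardened ~/.ssh/rc body. link_agent_sock is a hypothetical name.

# link_agent_sock SRC LINK
# Point LINK at the forwarded agent socket SRC.
# Returns 0 if LINK is usable as-is or now points at SRC,
# 1 if SRC was rejected (LINK is left untouched).
link_agent_sock() {
    src=$1
    link=$2

    # No agent forwarding for this session: leave any existing link alone.
    [ -n "$src" ] || return 1

    # Never link the stable path to itself (for example when this runs in a
    # shell where SSH_AUTH_SOCK already is the stable path): that would loop.
    [ "$src" != "$link" ] || return 0

    # Accept only a real socket owned by us, not a symlink or a file that
    # another user placed at that path.
    if [ -L "$src" ] || [ ! -S "$src" ] || [ ! -O "$src" ]; then
        return 1
    fi

    # Build the new link under a temporary name and rename it into place.
    tmp="$link.$$"
    rm -f "$tmp"
    ln -s "$src" "$tmp" || return 1
    mv -f "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}

# What ~/.ssh/rc runs at login; a rejected socket is not an error here.
link_agent_sock "${SSH_AUTH_SOCK:-}" "$HOME/.ssh/ssh_auth_sock" || true
```
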

In .tmux.conf, ensure we use this static auth sock path:

if-shell '[ ! -z "$SSH_CONNECTION" ]' 'setenv -g SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock'