Fix SSH agent forwarding and comment on it

.ssh/config

@@ -1,5 +1,7 @@
 Host *
 	# Share SSH connection.
+	# If disabling, consider impact on ssh agent forwarding in screen
+	# sessions (see .ssh/rc file).
 	ControlMaster auto
 	ControlPath ~/.ssh/ctl/%r@%h:%p
 	ControlPersist 10m

.ssh/rc

@@ -1,4 +1,11 @@
 #!/bin/sh
 
-# help screen find the right auth sock on reattach
+# When SSH-ing with agent forwarding enabled, this variable is set by sshd
+# itself. However, an existing screen session that we attach to will not have
+# its SSH_AUTH_SOCK environment variable updated, so we hardcode this path in
+# .screenrc and create a symlink to keep it alive.
+#
+# It WILL break if two sessions are opened to a machine, and a newer one is
+# terminated. ControlMaster in .ssh/config solves this problem by sharing the
+# connection (and as a result, sharing SSH agent socket).
 [ -n "$SSH_AUTH_SOCK" ] && ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock

.zshrc

@@ -101,9 +101,15 @@ colordiff() {
 
 alias backup-home-explore='eval "ncdu $(grep -A1 -- --exclude $HOME/bin/backup-home | tr -d \|)"'
 
-if [ -z "$SSH_AUTH_SOCK" ]; then
+if [ -z "$SSH_AUTH_SOCK" -a -z "$SSH_CLIENT" ]; then
+	# This path is only needed in a local shell.
+	#
+	# In a screen session, we set SSH_AUTH_SOCK to a fixed path in
+	# .screenrc before a shell is started.
+	#
+	# That fixed path is a symlink which gets updated by .ssh/rc scrtipt.
 	eval `ssh-agent -s`
-	trap 'kill $SSH_AGENT_PID' EXIT
+	trap 'ssh-agent -k' EXIT
 fi
 
 autoload -Uz vcs_info