Using SSH agent for sudo authentication on Ubuntu

Thanks to a post at www.drhevans.com/blog/posts/195-using-ssh-agent-for-sudo-authentication/ I got a starting point, however a few things didn't quite work out (I had to install checkinstall as a prerequisite and edit the client machine user's ssh config) so here's the adjusted instructions (updated Feb 2015). You can chckout the project on GitHub - github.com/cpick/pam-ssh-agent-auth

1. Install from the PPA (launchpad.net/~cpick/+archive/ubuntu/pam-ssh-agent-auth)
2. Configure (server)
   1. Do this in a new root shell (so you can easily fix things if you break sudo's config) -> sudo -s
   2. Add to your /etc/sudoers file:

      1. Defaults env_keep += SSH_AUTH_SOCK

   3. Edit /etc/pam.d/sudo to look like the following (adding the bold line, position is important):

      1. #%PAM-1.0
         
         
         auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys
         
         @include common-auth
         
         @include common-account
         
         
         session required pam_permit.so
         
         session required pam_limits.so

3. Configure (client)
   1. Open ~/.ssh
   2. Add a host section for each host you want to connect to (don't use *)

   3. In each host section add ForwardAgent yes

4. Test and Debug
   1. Force sudo reauthentication and see who you are (you should not be prompted for password):

      1. sudo -K

      2. sudo whoami

   2. If it doesn't work check that the SSH_AUTH_SOCK environment variable is being passed correctly:

      1. printenv | grep SSH

      2. sudo printenv | grep SSH

   3. Use the debug option

      1. Add debug to the end of the line added to /etc/pam.d/sudo

      2. Check the /var/log/auth.log file