I have a Ubuntu server with the users: ubuntu and user
I connect to each of the users using ssh -A (to pass my local machine keys to SSH). From any of the users I can connect to the SSH server of Github:
$ ssh -T [email protected]
...
Hi gabipetrovay! You've successfully authenticated, but GitHub does not provide shell access.
But when I try to connect from ubuntu using sudo, on behalf of user
sudo -E -u user ssh -T [email protected]
I get a Permission denied (publickey) error.
Using the -vv option for ssh I can see that when running with sudo on behalf of user from ubuntu the key on my machine is not offered to the ssh server. As a comparison:
directly form user:
debug2: key: /Users/gabriel/.ssh/id_rsa (0x7fbf09390020),
debug2: key: /home/mono/.ssh/id_rsa ((nil)),
debug2: key: /home/mono/.ssh/id_dsa ((nil)),
debug2: key: /home/mono/.ssh/id_ecdsa ((nil)),
debug2: key: /home/mono/.ssh/id_ed25519 ((nil)),
from ubuntu using sudo -u user:
debug2: key: /home/mono/.ssh/id_rsa ((nil)),
debug2: key: /home/mono/.ssh/id_dsa ((nil)),
debug2: key: /home/mono/.ssh/id_ecdsa ((nil)),
debug2: key: /home/mono/.ssh/id_ed25519 ((nil)),
So it seems that through sudo the SSH_AUTH_SOCK socket is not considered.
I have also added Defaults env_keep+=SSH_AUTH_SOCK to /etc/sudoers but it still does not work.
How can I achieve this? I need to execute ssh and git commands from user ubuntu on behalf of the user user.
In addition to adding
Defaults env_keep+=SSH_AUTH_SOCKtosudoers, you also need to give youruseraccess to file pointed by SSH_AUTH_SOCK variable. It is not enabled by default.