pam_ssh_agent_auth with Ubuntu
You may have come across
pam_ssh_agent_auth which
allows you to forward the sudo authentication to your local ssh agent.
There are some great blog posts about installing / configuring it already, but I wanted to make it even easier. I’ve created a ubuntu package, available from my server ppa.
The installation is pretty straight forward:
sudo aptitude install python-software-properties
sudo apt-add-repository ppa:dbanck/server
sudo aptitude update
sudo aptitude install pam-ssh-agent-auth
After the installation is done, you just have to edit two config files
to enable it.
In /etc/pam.d/sudo replace @include common-auth
with auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys
.
And in /etc/sudoers add this line:
Defaults env_keep += SSH_AUTH_SOCK
That’s it!
Now connect to your server via ssh -A
to forward the ssh-agent. You may clear you cached sudo credentials via sudo -K
and check if everything works.