I have an Ubuntu server with the users: ubuntu and user

I connect to each of the users using ssh -A (to pass my local machine keys to SSH). From any of the users I can connect to the SSH server of GitHub:

$ ssh -T git@github.com
...
Hi gabipetrovay! You've successfully authenticated, but GitHub does not provide shell access.

But when I try to connect from ubuntu using sudo, on behalf of user

sudo -E -u user ssh -T git@github.com

I get a Permission denied (publickey) error.

Using the -vv option for ssh I can see that when running with sudo on behalf of user from ubuntu the key on my machine is not offered to the ssh server. As a comparison:

directly from user:

debug2: key: /Users/gabriel/.ssh/id_rsa (0x7fbf09390020),
debug2: key: /home/mono/.ssh/id_rsa ((nil)),
debug2: key: /home/mono/.ssh/id_dsa ((nil)),
debug2: key: /home/mono/.ssh/id_ecdsa ((nil)),
debug2: key: /home/mono/.ssh/id_ed25519 ((nil)),

from ubuntu using sudo -u user:

debug2: key: /home/mono/.ssh/id_rsa ((nil)),
debug2: key: /home/mono/.ssh/id_dsa ((nil)),
debug2: key: /home/mono/.ssh/id_ecdsa ((nil)),
debug2: key: /home/mono/.ssh/id_ed25519 ((nil)),

So it seems that through sudo the SSH_AUTH_SOCK socket is not considered.

I have also added Defaults env_keep+=SSH_AUTH_SOCK to /etc/sudoers but it still does not work.

How can I achieve this? I need to execute ssh and git commands from user ubuntu on behalf of the user user.

Gabriel Petrovay
  • What does the command: `sudo -u user -E env | grep SSH_AUTH_SOCK` return? – Jonathan Barber Oct 08 '14 at 15:40
  • It returns a socket: `SSH_AUTH_SOCK=/tmp/ssh-IiZzBuvPc9/agent.1148` – Gabriel Petrovay Oct 08 '14 at 16:14
  • Ok, so your ssh command is getting the environment variable correctly. I suspect that the permissions on the SSH_AUTH_SOCK file are preventing access from `user`. Can you try `chown user $SSH_AUTH_SOCK` before running `sudo -E -u user ssh -T git@github.com`? – Jonathan Barber Oct 08 '14 at 16:35

1 Answer

In addition to adding Defaults env_keep+=SSH_AUTH_SOCK to sudoers, you also need to give your user access to the file pointed to by the SSH_AUTH_SOCK variable. It is not enabled by default.

anatoly techtonik
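One way to apply the answer above for an agent forwarded with ssh -A, as an added example that is not part of the original answer: grant the target account access to the socket with ACLs only while the command runs, then revoke it, since any account that can reach the socket can authenticate with the forwarded keys. It assumes `setfacl` (the `acl` package) and the `env_keep` line from the question; the function name `run_as_with_agent` and the `RUN` dry-run hook are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes setfacl (acl package) and
# "Defaults env_keep+=SSH_AUTH_SOCK" in sudoers, as in the question.
# RUN is a hypothetical hook: set RUN=echo to print the commands instead.
# Usage from the ubuntu session: run_as_with_agent user ssh -T git@github.com

# run_as_with_agent TARGET COMMAND...
# Lets TARGET reach the forwarded agent socket only while COMMAND runs.
run_as_with_agent() {
    target=$1
    shift
    if [ -z "${SSH_AUTH_SOCK-}" ]; then
        echo "SSH_AUTH_SOCK is not set; connect with ssh -A first" >&2
        return 2
    fi
    sock=$SSH_AUTH_SOCK
    dir=$(dirname "$sock")

    # The socket's directory needs search (x) permission for TARGET,
    # and connecting to the socket itself needs read/write.
    ${RUN-} setfacl -m "u:$target:x" "$dir" || return 1
    if ! ${RUN-} setfacl -m "u:$target:rw" "$sock"; then
        ${RUN-} setfacl -x "u:$target" "$dir"
        return 1
    fi

    status=0
    ${RUN-} sudo -E -u "$target" "$@" || status=$?

    # Revoke both entries so TARGET cannot keep using the forwarded keys.
    ${RUN-} setfacl -x "u:$target" "$sock"
    ${RUN-} setfacl -x "u:$target" "$dir"
    return "$status"
}
```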