Ansible, Vagrant, sudo and ssh-agent

Question

So I've seen this question and added the Defaults env_keep+=SSH_AUTH_SOCK into my /etc/sudoers file but I am still unable to clone from github on my Vagrant box using sudo: true and sudo_user: <user> in my ansible playbook. I'd like to clone the code as the user I created to run it but it is proving to be really frustrating. I can do ssh git@github.com when I log in via vagrant ssh but when I then do sudo -u <user> ssh git@github.com I get the Permission Denied error. When I echo the SSH_AUTH_SOCK value as the specific user I see that it is set:

vagrant@vagrant-ubuntu-trusty-64:/tmp$ sudo -u derp echo $SSH_AUTH_SOCK
/tmp/ssh-w3XYbqlMnX/agent.1592

@Jakuje I did not. Do I also put the `env_keep` directive there or is there something else I need to do? — MattC, Aug 25 '15 at 14:22
Sorry I understood the question wrong. Did you add the line on your host or on your Vagrant box? — Jakuje, Aug 25 '15 at 19:36

score 3 · Answer 1 · answered Aug 26 '15 at 18:24

I think the issue is the /tmp file doesn't have permissions. If you

 sudo -u root ssh git@github.com

That might work since root can read the files

To fix this as the vagrant user run

setfacl -m otheruser:x   $(dirname "$SSH_AUTH_SOCK")
setfacl -m otheruser:rwx "$SSH_AUTH_SOCK"

That should give the otheruser rights to get into the directory and read the file.

Ansible, Vagrant, sudo and ssh-agent

1 Answers1