Accessing SSH_AUTH_SOCK from another non-root user
Posted
by
Danny F
on Server Fault
See other posts from Server Fault
or by Danny F
Published on 2012-10-24T23:21:26Z
Indexed on
2012/10/25
5:06 UTC
Read the original article
Hit count: 499
The Scenario:
I am running ssh-agent on my local PC, and all my servers/clients are setup to forward SSH agent auth. I can hop between all my machines using the ssh-agent on my local PC. That works.
I need to be able to SSH to a machine as myself (user1), change to another user named user2 (sudo -i -u user2), and then ssh to another box using the ssh-agent I have running on my local PC. Lets say I want to do something like ssh user3@machine2 (assuming that user3 has my public SSH key in their authorized_keys file).
I have sudo configured to keep the SSH_AUTH_SOCK environment variable.
All users involved (user[1-3]), are non privileged users (not root).
The Problem:
When I change to another user, even though the SSH_AUTH_SOCK variable is set correctly, (lets say its set to: /tmp/ssh-HbKVFL7799/agent.13799) user2 does not have access to the socket that was created by user1 - Which of course makes sense, otherwise user2 could hijack user1's private key and hop around as that user.
This scenario works just fine if instead of getting a shell via sudo for user2, I get a shell via sudo for root. Because naturally root has access to all the files on the machine.
The question:
Preferably using sudo, how can I change from user1 to user2, but still have access to user1's SSH_AUTH_SOCK?
© Server Fault or respective owner