SSH agent forwarding is great. It allows you to ssh from one server to
another, all the while using the ssh-agent running on your local
workstation. The benefit is that you don't need to generate ssh key pairs
on the servers you are connecting to in order to hop around.

When you ssh to a remote machine, the remote machine talks to your
local ssh-agent through the socket referenced by the SSH_AUTH_SOCK
environment variable.

So on the remote server you can do something like:

> git clone git@github.com:my-github-account/my-repo.git

And git will make use of the ssh-agent running on your local
workstation to authenticate with github and clone your repo.

This fails if you do

> sudo git clone git@github.com:my-github-account/my-repo.git

because your environment variables are not available to the
commands running under sudo.

However, you can set the SSH_AUTH_SOCK variable for the command by
passing it on the command line like so

> sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK git clone git@github.com:my-github-account/my-repo.git

and all is well.
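
An added example (not part of the original gist): a small shell wrapper around the sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK form above that first checks the variable points at a live agent socket owned by you, and carries over only that one variable. The function names agent_sock_status and sudo_with_agent are hypothetical.

```shell
#!/bin/sh
# Added example, not from the gist. agent_sock_status and sudo_with_agent
# are hypothetical helper names.

# Print the state of an agent socket path (default: $SSH_AUTH_SOCK):
# unset | missing | not-socket | not-owner | no-agent | ok
agent_sock_status() {
    sock=${1-${SSH_AUTH_SOCK-}}
    [ -n "$sock" ] || { echo unset; return 1; }
    [ -e "$sock" ] || { echo missing; return 1; }
    [ -S "$sock" ] || { echo not-socket; return 1; }
    # The forwarded socket is created for your login user; refuse anything else.
    [ -O "$sock" ] || { echo not-owner; return 1; }
    # ssh-add -l exits 2 when it cannot contact an agent on the socket.
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ] || { echo no-agent; return 1; }
    echo ok
}

# Run a command under sudo with only SSH_AUTH_SOCK carried over,
# instead of preserving the whole environment.
sudo_with_agent() {
    st=$(agent_sock_status) || {
        echo "not forwarding agent to sudo: SSH_AUTH_SOCK is $st" >&2
        return 1
    }
    sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" "$@"
}

# Usage: sudo_with_agent git clone git@github.com:my-github-account/my-repo.git
```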
Thanks, that helps a lot.
It's a hack, but a helpful one. Thank you. 👍
Alternatively create a file in /etc/sudoers.d/99-keep-ssh-auth-sock-env with the following contents:
Defaults>root env_keep+=SSH_AUTH_SOCK
Use visudo -f to edit and validate the change is ok.
sudo The -E (preserve environment) is good too:)
Thank you sir!
Had a problem cloning a repository on an EC2 machine; it helped. Thank you.
A better way to preserve the SSH_AUTH_SOCK variable is to add a file to /etc/sudoers.d/ directory containing:
Defaults env_keep += "SSH_AUTH_SOCK"
This file should be mode 0440, you can check out /etc/sudoers.d/README for more info.
Indeed, adding to sudoers Defaults env_keep += "SSH_AUTH_SOCK" (use $ sudo visudo command for that) solves the problem completely.
Btw, OS X has Defaults env_keep += "SSH_AUTH_SOCK" by default enabled.
This perfectly explained the cause of and solution to the problem I had just encountered. Thank you so much for making this helpful gist!
This has been really helpful, I was almost starting to get frustrated.