Linux – sudo without password when logged in with SSH private keys


Is it possible to make sudo command to support SSH private keys, so that when the user logins using a private key then he/she could sudo without typing a password.

This would allow storing the UNIX sysadmin passwords in an encrypted cold storage and never need to access them, assuming the users use secure private SSH keys always to login on the server.

Best Answer

The option to do so has existed since (at least) April 2014.

You will need to install a package called pam_ssh_agent_auth (available for Centos 7 out of the box, YMMV), then configure /etc/pam.d/sudo to accept it as an authorization method. Finally, you may need to add SSH_AUTH_SOCK to the list of environment variables that persist during sudo.

The Gentoo wiki has details for these steps.