Authenticate sudo with SSH agent

There’s a wonderful package called pam-ssh-agent-auth which allows sudo authentication via the SSH agent. This means no more typing passwords for sudo. Instead, just connect with ssh -A to forward your agent, and then use sudo without a password.

Installation is fairly simple, there are lots of walkthroughs around. First, grab this ppa, then add your SSH pub key to /etc/security/authorized_keys, sudo visudo and add Defaults    env_keep += "SSH_AUTH_SOCK", then edit /etc/pam.d/sudo and add auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys after the other auth lines.

I deployed it all with puppet, but I think that’s everything.