Last active
April 4, 2023 12:54
-
-
Save gwire/7ca095a1fb8459e2e26072349c1b3763 to your computer and use it in GitHub Desktop.
Cloud-init config to allow password-less sudo via ssh-agent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| ## I want to authenticate sudo via ssh-agent on Ubuntu 22.04 | |
| users: | |
| - name: bob | |
| gecos: Bob | |
| shell: /bin/bash | |
| primary_group: bob | |
| groups: sudo | |
| ssh_authorized_keys: | |
| - ssh-ed25519 AAsomekeyhere | |
| write_files: | |
| - path: /etc/pam.d/common-local-auth-ssh | |
| content: | | |
| # initial value only - deploy keys to /etc/ssh/users/ and remove next line | |
| auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys | |
| auth sufficient pam_ssh_agent_auth.so file=/etc/ssh/users/%u | |
| - path: /etc/sudoers.d/0ssh-agent-auth | |
| content: | | |
| Defaults env_keep += "SSH_AUTH_SOCK" | |
| permissions: '0440' | |
| packages: | |
| - libpam-ssh-agent-auth | |
| runcmd: | |
| - sed -i '8i @include common-local-auth-ssh' /etc/pam.d/sudo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment