Git clone using ssh agent forwarding and sudo
SSH agent forwarding is great. It allows you to ssh from one server to
another all the while using the ssh-agent running on your local
workstation. The benefit is you don't need to generate ssh key pairs
on the servers you are connecting to in order to hop around.
When you ssh to a remote machine, the remote machine talks to your
local ssh-agent through the socket referenced by the SSH_AUTH_SOCK
environment variable.
So on the remote server you can do something like:
> git clone git@github.com:my-github-account/my-repo.git
And git will make use of the ssh-agent running on your local
workstation to authenticate with github and clone your repo.
This fails if you do
> sudo git clone git@github.com:my-github-account/my-repo.git
because your environment variables are not available to the
commands running under sudo.
However, you can set the SSH_AUTH_SOCK variable for the command by
passing it on the command line like so
> sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK git clone git@github.com:my-github-account/my-repo.git
and all is well.
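
The same workaround as a small wrapper that first checks the forwarded socket, so a missing or stale SSH_AUTH_SOCK is reported before sudo and git run. This is an added example, not part of the original gist; the function names check_agent_sock and sudo_with_agent are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the gist.

# check_agent_sock: 0 = usable, 1 = SSH_AUTH_SOCK unset or empty,
# 2 = path is not a socket, 3 = socket not owned by the calling user.
check_agent_sock() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    [ -S "$SSH_AUTH_SOCK" ] || return 2
    [ -O "$SSH_AUTH_SOCK" ] || return 3
    return 0
}

# sudo_with_agent CMD [ARGS...]: run CMD under sudo, passing through only
# SSH_AUTH_SOCK, after confirming the forwarded socket is usable.
sudo_with_agent() {
    rc=0
    check_agent_sock || rc=$?
    case "$rc" in
        1) echo "SSH_AUTH_SOCK is not set; connect with agent forwarding (ssh -A)" >&2 ;;
        2) echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not a socket" >&2 ;;
        3) echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK is not owned by $(id -un)" >&2 ;;
    esac
    [ "$rc" -eq 0 ] || return "$rc"
    sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" "$@"
}

# Usage, with the repository from the text above:
#   sudo_with_agent git clone git@github.com:my-github-account/my-repo.git
```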

ghost commented Aug 1, 2018

Indeed, adding to sudoers Defaults env_keep += "SSH_AUTH_SOCK" (use $ sudo visudo command for that) solves the problem completely.

Btw, OS X has Defaults env_keep += "SSH_AUTH_SOCK" by default enabled.


Microserf commented Apr 26, 2019

This perfectly explained the cause of and solution to the problem I had just encountered. Thank you so much for making this helpful gist!
