I recently stumbled across a post about using sudo with a key file. Wonderful: never enter a password for sudo again, how cool is that? Since I had some difficulties in the beginning, I want to write down my approach here.
aptitude install libpam-ssh-agent-auth
Add to sudoers via visudo
Defaults env_keep += "SSH_AUTH_SOCK"
Add to /etc/pam.d/sudo
auth sufficient pam_ssh_agent_auth.so file=/etc/ssh/sudo_authorized_keys
Copy authorized keys
cp /home/your_user/.ssh/authorized_keys /etc/ssh/sudo_authorized_keys
chown root:root /etc/ssh/sudo_authorized_keys
Be sure you have added the same identities in your local ssh agent. Test it using
It should print the public keys in your agent, and at least one of them should match a public key on the server in /etc/ssh/sudo_authorized_keys.
If not so, add key with
Also don’t forget to enable key forwarding for this server (my last gotcha):
in ~/.ssh/config for the specified host(s)
Restart ssh afterwards
systemctl restart ssh
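A check for the setup above, added here as an example and not part of the original post: it compares the keys the forwarded agent offers with the entries in /etc/ssh/sudo_authorized_keys and refuses a key file that group or others can write, since every key in that file can authorize sudo. The function names are hypothetical, and it assumes the agent's key list (the output of `ssh-add -L`) has been saved to a file.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# matching_keys AGENT_LIST KEYFILE
# Print "type blob" for each key that appears in both files. AGENT_LIST is the
# saved output of `ssh-add -L`. KEYFILE lines may start with an options field
# (from="...", command="..."); comments and blank lines are skipped.
# Limitation: quoted options that contain spaces are not parsed.
matching_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                    k = $i " " $(i + 1)      # key type plus base64 blob
                    if (FILENAME == ARGV[1]) agent[k] = 1
                    else if (k in agent) print k
                    next
                }
        }' "$1" "$2"
}

# Exit 0 when group or others can write the file. pam_ssh_agent_auth accepts
# every key listed there, so a writable file lets a user grant themselves sudo.
writable_by_others() {
    [ -n "$(find "$1" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# check_sudo_keys AGENT_LIST KEYFILE
# Returns 0 if at least one agent key is listed, 1 if none is, 2 if the key
# file has unsafe permissions.
check_sudo_keys() {
    if writable_by_others "$2"; then
        echo "FAIL: $2 is writable by group or others" >&2
        return 2
    fi
    n=$(matching_keys "$1" "$2" | wc -l)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no agent key is listed in $2" >&2
        return 1
    fi
    echo "OK: $n agent key(s) accepted for sudo"
}

# On the server, inside the forwarded SSH session:
#   ssh-add -L > /tmp/agent_keys
#   check_sudo_keys /tmp/agent_keys /etc/ssh/sudo_authorized_keys
```

If the first step reports that no agent is reachable, the session was opened without agent forwarding or SSH_AUTH_SOCK was not kept in the environment.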