Is it possible to make sudo command to support SSH private keys, so that when the user logins using a private key then he/she could sudo without typing a password.
This would allow storing the UNIX sysadmin passwords in an encrypted cold storage and never need to access them, assuming the users use secure private SSH keys always to login on the server.
Best Answer
The option to do so has existed since (at least) April 2014.
You will need to install a package called
pam_ssh_agent_auth
(available for Centos 7 out of the box, YMMV), then configure/etc/pam.d/sudo
to accept it as an authorization method. Finally, you may need to addSSH_AUTH_SOCK
to the list of environment variables that persist duringsudo
.The Gentoo wiki has details for these steps.