shell – SSH Agent-Forwarding Works, but Issues with sudo -u Username


Working on a remote server (A) I want to use my local SSH-Keys to access a repository on another server (B) that is not controlled by me.

Generally this works like a charm.

I log in as myUsername on the remote server (A) and can access the repositories on B just fine.

The problem is, that there are some tasks (composer update) that need to be executed by another user on (A).

This user is not an admin and the folders where the scripts are executed are his and should only be writable by him and not an entire group, so I can't just chmod all the folders to 777, 775 or something 😉

The problem is, that when I want to execute the script with:
sudo -u another_user composer update
sure enough there are no keys found, because they don't get forwarded for this user.

Also the "another_user"'s shell is set to bin/false to complicate things even further!!!

Is there a solution to this?

To sum it all up: I want to access another remote server through my own remote server with my local ssh-keys through sudo -u another_user ...

Would be great if someone with more experience could enlighten me!

edit: I also tried this already: http://mybrainhurts.com/blog/2012/05/git-sudo-local-ssh-keys.html But I guess it won't work because the other user has no shell 🙁

Best Answer

The only way to do this is via a very dirty hack. I do not recommend it.

setfacl -R -m u:another_user:rwx "${SSH_AUTH_SOCK%/*}"
sudo -u another_user SSH_AUTH_SOCK="$SSH_AUTH_SOCK" composer update

The reason for this is that your SSH keys are accessed via a named socket. That named socket is in a directory owned by you, and cannot be accessed by anyone else. The only way to give the other user access is by changing permissions on the socket.
The above does this via extended filesystem attributes. If your /tmp filesystem does not support ACLs, then the only way to do it is to chmod o+rwx, and that is horribly insecure.

The better solution is fixing whatever is preventing you from running that command as your own user.
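The answer's ACL trick, written up as an added example (not the answer author's code) that grants only search on the socket directory and read/write on the socket itself, runs a single command, and revokes the grant again afterwards. It assumes Linux with an ACL-capable /tmp, setfacl installed, and sudo 1.8.21 or newer for --preserve-env; another_user and the composer command are the question's placeholders.

```shell
#!/bin/sh
# Added example, not the answer author's code: the same ACL trick, but with
# the narrowest grant that a connect() to the socket needs, and cleanup after.
# Assumes: Linux, ACL-capable /tmp, setfacl installed, sudo >= 1.8.21.

# Directory holding the agent socket (the answer's "${SSH_AUTH_SOCK%/*}").
agent_socket_dir() {
    printf '%s\n' "${1%/*}"
}

# True only when the path names an existing Unix socket.
check_agent_socket() {
    [ -n "$1" ] && [ -S "$1" ]
}

# connect() needs search (x) on the directory and write on the socket file,
# so grant just that (rw on the socket) instead of "-R ... rwx" on the directory.
grant_agent_access() {   # $1 = user, $2 = socket path
    setfacl -m "u:$1:x"  "$(agent_socket_dir "$2")"
    setfacl -m "u:$1:rw" "$2"
}

revoke_agent_access() {  # $1 = user, $2 = socket path
    setfacl -x "u:$1" "$2"
    setfacl -x "u:$1" "$(agent_socket_dir "$2")"
}

# Run one command as $1 with the forwarded agent; revoke even if it fails.
# sudo -u runs the command directly, so the target's /bin/false shell is not
# involved. --preserve-env keeps SSH_AUTH_SOCK past env_reset, but sudoers
# must still allow it (SETENV or env_keep), otherwise sudo refuses.
run_with_agent_as() {    # $1 = user, $2... = command
    user=$1; shift
    sock=${SSH_AUTH_SOCK:-}
    check_agent_socket "$sock" || { echo "no usable SSH_AUTH_SOCK" >&2; return 1; }
    grant_agent_access "$user" "$sock"
    status=0
    sudo --preserve-env=SSH_AUTH_SOCK -u "$user" "$@" || status=$?
    revoke_agent_access "$user" "$sock"
    return "$status"
}

# Usage: ./agent-sudo.sh another_user composer update
if [ $# -ge 2 ]; then
    run_with_agent_as "$@"
fi
```

Any user who already has a shell on (A) as another_user can use your agent while the grant is in place, which is why the window is kept to one command.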
