paperlined.org
document updated 11 years ago, on Oct 6, 2013

agent-forwarding when SSHing

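Use ssh -A, or specify this in ~/.ssh/config, preferably inside a Host block for machines you trust, since root on the remote host can use the forwarded socket while you are connected:
ForwardAgent yes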

agent-forwarding when SUDOing

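Put this in your /etc/sudoers file (edit it with visudo). Use += so the variable is appended to the existing env_keep list instead of replacing it:
Defaults    env_keep += "SSH_AUTH_SOCK"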

agent-forwarding when SUing

On machines where sudo is available, obviously you should use that instead. However, Solaris/AIX/HPUX usually only have su.

I know of no existing way to do this.

sux is a tool that hijacks the $TERM variable to transfer additional data across the su barrier, in particular the $DISPLAY and xauth information. It could be modified to pass $SSH_AUTH_SOCK as well.

agent-forwarding from inside tmux/screen

For Screen, put this in your ~/.bashrc:
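# make ssh-agent work inside Screen windows
# outside Screen ($STY unset): point a stable symlink at the live forwarded socket
[ -z "$STY" ] && [ -n "$SSH_AUTH_SOCK" ] && ln -sf "$SSH_AUTH_SOCK" "$HOME/.ssh/ssh_auth_sock"
# inside Screen ($STY set): always use the stable symlink
[ -n "$STY" ] && export SSH_AUTH_SOCK="$HOME/.ssh/ssh_auth_sock"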
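
The same symlink approach extended to tmux, as an added example that is not part of the original page and goes beyond the Screen-only snippet above. The function name update_agent_sock is hypothetical; the sketch assumes tmux's $TMUX variable marks a tmux window the way $STY marks a Screen window, and it refuses to link to anything that is not a socket owned by the current user.

```bash
# Added example: stable agent socket path for both Screen and tmux.
# update_agent_sock is a hypothetical helper name, meant for ~/.bashrc.
update_agent_sock() {
    local stable="$HOME/.ssh/ssh_auth_sock"

    if [ -n "$STY" ] || [ -n "$TMUX" ]; then
        # Inside a multiplexer window: use the stable path, which the most
        # recent outer login re-points at its live forwarded socket.
        export SSH_AUTH_SOCK="$stable"
        return 0
    fi

    # Outside a multiplexer: nothing to do without a forwarded agent.
    if [ -z "$SSH_AUTH_SOCK" ]; then
        return 0
    fi

    # Never link the stable path to itself (that leaves a dangling loop).
    if [ "$SSH_AUTH_SOCK" = "$stable" ]; then
        return 0
    fi

    # Only link to a real socket that belongs to the current user.
    if [ ! -S "$SSH_AUTH_SOCK" ] || [ ! -O "$SSH_AUTH_SOCK" ]; then
        return 0
    fi

    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
    ln -sf "$SSH_AUTH_SOCK" "$stable"
}
```

Call update_agent_sock at the end of ~/.bashrc; windows that were already open pick up the new socket as soon as a fresh login re-points the symlink.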