Running 'sudo' over SSH

For sudo you can allow a user to run sudo without asking for the password, try man sudoers. You can edit the file /etc/sudoers by issuing the visudo command. It has to be that special because otherwise the file is not correctly reloaded. The resulting lines (here taken from the examples in the file itself) should be:

## Allows people in group wheel to run all commands
# %wheel    ALL=(ALL)   ALL

## Same thing without a password
%wheel  ALL=(ALL)   NOPASSWD: ALL

@Wesho,

You can do what DaDaDom said (it will work and it is simple) or your may want to beef up your setup by using a PAM module called pam-ssh-agent-auth.

The process for Debian/Ubuntu systems is reasonably simple:

$ sudo aptitude install libssl-dev libpam0g-dev build-essential checkinstall
$ wget "http://downloads.sourceforge.net/project/pamsshagentauth/pam_ssh_agent_auth/v0.9.3/pam_ssh_agent_auth-0.9.3.tar.bz2"
$ tar -xjvf pam_ssh_agent_auth-0.9.3.tar.bz2
$ cd pam_ssh_agent_auth-0.9.3

$ ./configure --libexecdir=/lib/security --with-mantype=man

$ make
$ sudo checkinstall

The edit the sudo configuration:

$ sudo visudo

Add the following:

Defaults env_keep += SSH_AUTH_SOCK

Continue by changing the sudo PAM settings:

$ sudo vi /etc/pam.d/sudo

Add the auth line just above the 2 existing @include lines:

auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys
@include common-auth
@include common-account

Voilà!

sudo with no auth but relying on SSH Agent to perform strong authentication, instead of simply removing the password from the sudo configuration.