Accessing SSH_AUTH_SOCK from another non-root user

ssh sudo ssh-agent

There are two things you need to do:

  1. set the SSH_AUTH_SOCK variable so it points to the correct file
  2. allow the other user to connect to the socket (using file system permissions)

Therefore, what you could do is:

As user1, allow user2 to connect to the socket (full access to the socket and permissions to enter the directory). I hope your /tmp allows ACLs.

setfacl -m u:user2:rw $SSH_AUTH_SOCK
setfacl -m u:user2:x $(dirname $SSH_AUTH_SOCK)

Change to the other user, and export the variable correctly.

sudo -u user2 env SSH_AUTH_SOCK=$SSH_AUTH_SOCK ssh user3@machine2

If you want to open an interactive shell using sudo, you would have to export the SSH_AUTH_SOCK variable yourself after you get the shell.

Related

How to redirect all mail from one domain to another in Postfix?
How to ignore a set of Mac addresses in dhcpd.conf?
Reverse SSH tunnel: how can I send my port number to the server?
Setting up Exim to forward mail
Can you help me with my software dependency issue?
Apache says DocumentRoot doesn't exist when it does
Can I use Office365 or Azure AD as master record for Active Directory?
How can I write automated tests for iptables?
SATA Disks that handle write caching properly?
Is it possible to put commands in /etc/motd?
Creating a grow-on-demand encrypted volume with LUKS
Is btrfs production ready?