sudo without password when logged in with SSH private keys

The option to do so has existed since (at least) April 2014.

You will need to install a package called pam_ssh_agent_auth (available for CentOS 7 out of the box, YMMV), then configure /etc/pam.d/sudo to accept it as an authorization method. Finally, you may need to add SSH_AUTH_SOCK to the list of environment variables that persist during sudo.

The Gentoo wiki has details for these steps.
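
Added example, not part of the original answer or of the pam_ssh_agent_auth project: a shell check that audits the setup described above, namely the PAM auth line in /etc/pam.d/sudo and the SSH_AUTH_SOCK entry in sudoers. The key-file path /etc/security/authorized_keys, the function name and the sample files are assumptions constructed for illustration; the check flags a key file the user can edit, because anyone who can write to it can grant themselves passwordless sudo.

```shell
#!/bin/sh
# Audit a pam_ssh_agent_auth setup for sudo (illustrative helper).
# Usage: audit_sudo_agent_auth <pam sudo file> <sudoers file>
# Prints one finding per line; returns 0 when nothing is flagged, 1 otherwise.
audit_sudo_agent_auth() {
    pam_file=$1 sudoers_file=$2 findings=0
    # First auth line that loads the module.
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_ssh_agent_auth\.so' "$pam_file" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL: no pam_ssh_agent_auth.so auth line in $pam_file"
        return 1
    fi
    # Value of the module's file= option (path of the trusted public keys).
    keys=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]file=\([^[:space:]]*\).*/\1/p')
    case $keys in
        '') echo "WARN: no file= option; verify which key file the module reads"
            findings=1 ;;
        *'~'*|*%h*) echo "FAIL: file=$keys is in the user's home, so the user controls which keys grant sudo"
            findings=1 ;;
    esac
    # This option lets the module accept a key file owned by the user.
    case $line in
        *allow_user_owned_authorized_keys_file*)
            echo "FAIL: allow_user_owned_authorized_keys_file is set"
            findings=1 ;;
    esac
    # sudo resets the environment; the agent socket must be kept for the module.
    if ! grep -Eq '^[[:space:]]*Defaults.*env_keep.*SSH_AUTH_SOCK' "$sudoers_file"; then
        echo "WARN: SSH_AUTH_SOCK is not in env_keep in $sudoers_file"
        findings=1
    fi
    return $findings
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf 'auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\n' > "$demo/sudo.weak"
printf 'auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys\n' > "$demo/sudo.ok"
printf 'Defaults env_keep += "SSH_AUTH_SOCK"\n' > "$demo/sudoers"
audit_sudo_agent_auth "$demo/sudo.weak" "$demo/sudoers" || true
audit_sudo_agent_auth "$demo/sudo.ok" "$demo/sudoers" && echo "OK: sudo.ok passes"
rm -rf "$demo"
```

On a real host, point the function at /etc/pam.d/sudo and /etc/sudoers, and separately confirm that the key file is owned by root and not writable by others.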


This is not possible without some serious code changes to sudo and sshd. Sudo doesn't know about login methods, and ssh doesn't publish to other programs anything that would indicate whether public key, password, or some other mechanism was used for login.

As someone else said, you can use the NOPASSWD option in sudoers - this would apply to specified users always, though, not only when they use ssh with private keys.

If you really want, there may be tricks you can do with a suid program that checks the sshd log and locks/edits the sudoers file to let that user do a no-password sudo, and a periodic task to revoke this permission.

All that said, I think this is a bad idea. Requiring a password for privileged commands has a couple of nice benefits that private key SSH doesn't. Notably, it lets you have timeouts for the auth (password must be re-entered, not true for ssh sessions), and it lets you have password minimums and rotation (unlike ssh keys, which have a passphrase outside the server's control).