Git clone using ssh agent forwarding and sudo

git+clone+ssh+agent+forward+sudo

SSH agent forwarding is great. It allows you to ssh from one server to
another all the while using the ssh-agent running on your local
workstation. The benefit is you don't need to generate ssh key pairs
on the servers you are connecting to in order to hop around.

When you ssh to a remote machine the remote machine talks to your
local ssh-agent through the socket referenced by the SSH_AUTH_SOCK
environment variable.

So you the remote server you can do something like: 

> git clone [email protected]:my-github-account/my-repo.git 

And git will make use of the ssh-agent running on your local
workstation to authenticate with github and clone your repo.

This fails if you do 

> sudo git clone [email protected]:my-github-account/my-repo.git 

because your environment variables are not available to the
commands running under sudo.

However, you can set the SSH_AUTH_SOCK variable for the command by
passing it on the command line like so 

> sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK git clone [email protected]:my-github-account/my-repo.git 

and all is well.

A better way to preserve the SSH_AUTH_SOCK variable is to add a file to /etc/sudoers.d/ directory containing:

Defaults env_keep += "SSH_AUTH_SOCK"

This file should be mode 0440, you can check out /etc/sudoers.d/README for more info.

Indeed, adding to sudoers Defaults env_keep += "SSH_AUTH_SOCK" (use $ sudo visudo command for that) solves the problem completely.

Btw, OS X has Defaults env_keep += "SSH_AUTH_SOCK" by default enabled.

This perfectly explained the cause of and solution to the problem I had just encountered. Thank you so much for making this helpful gist!