sudo with SSH agent forwarding #273
Comments
|
shortly after posting this issue, I realized that it not might be a sane default for others considering the security issues if abused :-( |
|
Indeed. It's not just the security implications that make me not want to do this; it's that it's best practice to start from a known system state (which is the generic, out-of-the-box system build) and build up the system with all prerequisites in the right order. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please consider enabling SSH agent forwarding in the default sudoers file for Ubuntu
At least in Ubuntu, the default sudoers file resets all environment variables, which breaks recipies that must clone private repositories.
In my case for example, some of my recipes must clone private repos for which the ssh key is never in the server, but on the administrator client machine. During the first run I must prioritize updating the sudoers file to enable ssh agent forwarding before the first cloned repo breaks the chef-client run. The second chef-client run will get the new sudoers settings and clone successfully.
The text was updated successfully, but these errors were encountered: