jbeverly / pam_ssh_agent_auth

Moving pam_ssh_agent_auth to github as primary development location

doesn't work from script #11

Open 532910 opened 6 years ago

532910 commented 6 years ago
% cat /tmp/test.zsh
#!/bin/zsh

echo $SSH_AUTH_SOCK
sudo echo OK

% /tmp/test.zsh
/home/sergio/.gnupg/S.gpg-agent.ssh
[sudo] password for sergio:

/var/log/auth.log:

Beginning pam_ssh_agent_auth for user sergio
Attempting authentication: `sergio' as `sergio' using /etc/ssh/sudo_authorized_keys
No ssh-agent could be contacted
Failed Authentication: `sergio' as `sergio' using /etc/ssh/sudo_authorized_keys

Directly from console all works fine:

% sudo echo OK
OK

/var/log/auth.log:
Beginning pam_ssh_agent_auth for user sergio
Attempting authentication: `sergio' as `sergio' using /etc/ssh/sudo_authorized_keys
Contacted ssh-agent of user sergio (1000)
trying public key file /etc/ssh/sudo_authorized_keys
auth_secure_filename: checking for uid: 0
secure_filename: checking '/etc/ssh'
secure_filename: checking '/etc'
secure_filename: checking '/'
matching key found: file/command /etc/ssh/sudo_authorized_keys, line 1
Found matching ED25519 key: ID
ssh_ed25519_verify: signature correct
Authenticated: `sergio' as `sergio' using /etc/ssh/sudo_authorized_keys

gnanet commented 5 years ago

Did a quick search on the subject, and I suggest reading this: understanding ssh-agent and ssh-add

My assumption is that your shell script is spawning an ssh-agent, and this way you have $SSH_AUTH_SOCK set, but that variable may point to an instance of ssh-agent which does not list your keys (it is empty maybe). So the best way would be to use this project to set up the agent and the socket variable properly: ssh-find-agent

gnanet commented 5 years ago

I have some extra info: at least for sudo inside a screen session, it is strongly advised for sudo <= 1.8.5 to add Defaults env_keep += "SSH_AUTH_SOCK", and you can always look for multiple ssh-agents and try to keep only one.

Wilm0r commented 4 years ago

Interestingly, I needed to add that to my sudo config even with Debian Buster's current version of sudo, 1.8.27.
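The thread points at two separate causes for "No ssh-agent could be contacted": gnanet's first comment (an $SSH_AUTH_SOCK that points at a dead or empty agent) and the env_keep advice in the two comments above it (sudo's default env_reset strips SSH_AUTH_SOCK before pam_ssh_agent_auth runs, which is why the module only fails under sudo). The script below checks both. It is an added example, not code from the issue or from pam_ssh_agent_auth; the function names, the --live flag and the sample sudoers lines in the comments are my own, and the live check assumes ssh-add and sudo are on PATH.

```shell
#!/bin/sh
# Added example (not from the issue or from pam_ssh_agent_auth): check the agent
# behind $SSH_AUTH_SOCK and whether sudo keeps that variable for the PAM module.

# Return 0 only if the agent at the given socket path answers and holds keys.
# ssh-add -l exits 0 with keys loaded, 1 with an empty agent, 2 if no agent answers.
agent_reachable() {
    sock="$1"
    [ -n "$sock" ] || { echo "SSH_AUTH_SOCK is not set"; return 1; }
    [ -S "$sock" ] || { echo "$sock is not a socket (stale agent?)"; return 1; }
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1
    case $? in
        0) echo "agent at $sock has keys loaded"; return 0 ;;
        1) echo "agent at $sock answers but holds no keys (ssh-add them)"; return 1 ;;
        *) echo "no agent answering at $sock"; return 1 ;;
    esac
}

# Return 0 if a sudoers file or fragment keeps SSH_AUTH_SOCK through env_reset,
# i.e. contains an uncommented line such as:  Defaults env_keep += "SSH_AUTH_SOCK"
# A commented-out line or a different variable (SSH_AUTH_SOCKET) does not count.
sudoers_keeps_auth_sock() {
    grep -Eq '^[[:space:]]*Defaults[^#]*env_keep[[:space:]]*[+]?=[[:space:]]*"?([^"#]*[[:space:]])?SSH_AUTH_SOCK([[:space:]"]|$)' "$1"
}

# Live check of this host; runs only when invoked as:  sh check_agent_sudo.sh --live
# (the sudoers scan needs root to read /etc/sudoers and /etc/sudoers.d/*).
live_check() {
    echo "== agent in this shell =="
    agent_reachable "${SSH_AUTH_SOCK:-}" || true
    echo "== does sudo pass SSH_AUTH_SOCK to the PAM module? =="
    # With env_reset (the default) sudo drops the variable unless env_keep lists it.
    # -n never prompts, so a module that cannot reach the agent shows up as a failure here.
    if sudo -n sh -c 'test -n "$SSH_AUTH_SOCK"' 2>/dev/null; then
        echo "sudo keeps SSH_AUTH_SOCK"
    else
        echo 'sudo drops it or could not authenticate; add:  Defaults env_keep += "SSH_AUTH_SOCK"'
    fi
    echo "== sudoers files that already keep it =="
    for f in /etc/sudoers /etc/sudoers.d/*; do
        [ -r "$f" ] || continue
        sudoers_keeps_auth_sock "$f" && echo "  $f"
    done
}

if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

Run it with --live from the same shell that produced the log in the issue: the first section tells you whether the GnuPG socket in $SSH_AUTH_SOCK actually answers and lists a key, and the second tells you whether sudo discards the variable, which is the case the env_keep line fixes. Edit sudoers only through visudo so the file is syntax-checked before it takes effect.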