How to access user's ssh keys from the program that is run with sudo?

Question

The dilemma: a Linux program that I'm working on should:

1. Fetch a "package" over git+ssh:// protocol (using Git).
2. Install that "package" in the system.

For git+ssh to work, Git needs to see my keys.

For the "package" installation, the program must have superuser privileges.

A limitation: the program should not elevate privileges (call sudo) by itself. User must explicitly invoke it with sudo. (Lets ignore the case when user runs the program while begin logged in as root — assuming he will setup keys correctly then.)

So, the question is: how to do ssh access with user keys from the program that is invoked with sudo?

Answer 1

use the -i identity_file ssh parameters. To tell git to use the proper command you should set the GIT_SSH variable to a file that will call ssh -i "$@".

If you can't do that then you should drop privileges while you do the git pull command.

sudo -u <original_user> git fetch git+ssh:// 

You can use the ${SUDO_USER} enviroment variable to find out who the original user was.