Authenticate `su -` through PAM and SSH Agent

[Gordon Messmer]

Justin W wrote:
> 
> I currently have my ssh key for my user allowing me to login to my 
> server (encrypted with a password of course). I enable ssh agent 
> forwarding in PuTTY or ssh (depending on whether I'm in Windows or FC6 
> at the time). I'd then issue a `su -` at the prompt and it'd 
> authenticate against the ssh agent I have running locally, and if I 
> didn't have it running, I'd be denied access.

You can't do it with "su", but if you add your public key to the 
accounts (such as root) to which you want to log in, you can use "ssh 
<user>@localhost" instead of "su".