pam_ssh_agent_auth lets you use your ssh keys inside ssh-agent, that you forward in your ssh client connections to subsequently give you passwordless sudo via a destination side list of trusted public keys.

This can be used with ansible which often needs root permissions, details below:

1. There is a good (ubuntu specific) guide to setting pam_ssh_agent_auth up here for “normal” non-Ansible tasks.
2. Next ensure you are running ssh-agent and your key is enrolled.
3. Also ensure you are actually forwarding your ssh-agent (eg with ForwardAgent yes in ~/.ssh/config
   
4. In your ansible.cfg, add -o ForwardAgent=yes to ssh_args
5. Also in ansible.cfg, remove -n from sudo_flags (or you can customize this on a per-host basis in your inventory file, with the ansible_sudo_flags directive.
6. Run your playbook with sudo or become directives as necessary.