Forwarding an SSH agent lets a remote session authenticate to another host with a key that stays on the workstation. It fits bastion and jump-host handoffs, but it also gives the trusted remote host a live signing path back to the local agent while the session is open.
The OpenSSH client enables agent forwarding with ForwardAgent yes in a matching Host block, or with -A for a single ssh invocation. A forwarded session exposes an SSH_AUTH_SOCK path on the remote host; programs there can ask the local agent to sign authentication challenges, but they cannot read the private key file itself.
Keep forwarding host-specific and load only the identities needed for the onward connection. The server-side AllowAgentForwarding setting can further restrict which bastion accounts receive forwarded sockets, and the final proof is a remote ssh-add -l output that matches the local agent before an onward login succeeds.
Steps to enable SSH agent forwarding securely:
- List keys loaded in the local ssh-agent.
$ ssh-add -l
256 SHA256:G9x8RpzHGWETUZiMicVJWorguVdQRuvL/1GwuBUBrl0 user@workstation (ED25519)
If the agent reports "The agent has no identities.", load the key that the internal host already trusts before enabling forwarding.
- Create the per-user SSH configuration directory.
$ mkdir -p ~/.ssh
- Restrict the per-user SSH configuration directory.
$ chmod 700 ~/.ssh
- Open the per-user SSH client configuration file.
$ vi ~/.ssh/config
- Add a host-specific block for the trusted bastion.
Host bastion
    HostName bastion.example.net
    User ops
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent yes
Do not place ForwardAgent yes in a broad Host * block, because every matched remote host would receive a live agent socket while sessions remain open.
- Restrict the client configuration file.
$ chmod 600 ~/.ssh/config
OpenSSH may ignore client configuration files that are writable by other users.
- Confirm the saved client alias enables agent forwarding.
$ ssh -G bastion | grep "^forwardagent "
forwardagent yes
ssh -G prints the effective client settings after Host and Match processing.
- Check whether the bastion server permits agent forwarding for the intended account.
$ sudo sshd -T -C "user=ops,host=bastion.example.net,addr=203.0.113.10" | grep "^allowagentforwarding "
allowagentforwarding yes
Replace ops and the addr value with the account and client source address that should receive the forwarded agent.
- Open the sshd configuration on the bastion when server policy needs a narrower allow list.
$ sudoedit /etc/ssh/sshd_config
Keep an existing root session or console path open before changing /etc/ssh/sshd_config on a remote bastion.
- Add a restrictive server policy that allows agent forwarding only for the selected account.
AllowAgentForwarding no
Match User ops
    AllowAgentForwarding yes
Place unconditional server directives before the first Match block. Later Match blocks apply only to sessions that meet their conditions.
- Validate the sshd configuration syntax.
$ sudo sshd -t
No output means the server configuration parsed successfully.
- Reload the SSH service on the bastion.
$ sudo systemctl reload ssh
Use sudo systemctl reload sshd on systems where the OpenSSH server unit is named sshd.
- List forwarded identities from the bastion session.
$ ssh bastion "ssh-add -l"
256 SHA256:G9x8RpzHGWETUZiMicVJWorguVdQRuvL/1GwuBUBrl0 user@workstation (ED25519)
The fingerprint should match the local ssh-add -l output because the remote host is querying the forwarded agent.
- Use the forwarded agent to reach the internal host from the bastion.
$ ssh bastion "ssh app.internal.example hostname"
app.internal.example
A compromised bastion can request signatures from the forwarded agent while the session remains open, so close the session when the onward work is finished.
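The procedure above hinges on keeping ForwardAgent yes out of wildcard Host blocks. As an added example (not from the original page, and not an OpenSSH tool), the following POSIX shell helper scans a client config text for every Host or Match block that enables ForwardAgent and flags blocks whose pattern contains a wildcard; the sample config is constructed, and because it reads the file text rather than the effective settings it does not follow Include directives, so ssh -G remains the authoritative check.

```shell
# Constructed sample client config (assumed; not the page's own file).
# The *.lab.example block is the kind of wildcard scope this check should catch.
SAMPLE_CONFIG='Host *
    ServerAliveInterval 30

Host bastion
    HostName bastion.example.net
    User ops
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent yes

Host *.lab.example
    ForwardAgent yes
'

# forwarding_hosts CONFIG_TEXT
# Prints the pattern list of every Host/Match block containing "ForwardAgent yes",
# one block per line (keyword matching is case-insensitive, like ssh_config).
forwarding_hosts() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "host" || tolower($1) == "match" {
            block = (tolower($1) == "match") ? "Match" : ""
            for (i = 2; i <= NF; i++) block = (block == "") ? $i : block " " $i
            next
        }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print block }
    '
}

# wildcard_forwarding CONFIG_TEXT
# Returns 0 and prints the offending patterns when a block whose pattern uses
# "*" or "?" enables forwarding; returns 1 when every forwarding block is host-specific.
wildcard_forwarding() {
    found=$(forwarding_hosts "$1" | grep -E '[*?]' || true)
    if [ -n "$found" ]; then
        printf 'ForwardAgent yes in wildcard scope: %s\n' "$found"
        return 0
    fi
    return 1
}

# Usage: exit status 1 when forwarding is host-specific, 0 when a wildcard block enables it.
wildcard_forwarding "$SAMPLE_CONFIG"
```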
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.