Chapter 36: SSH Agent Forwarding
In this chapter, you'll learn how SSH agent forwarding works, the security risks it introduces, and when to use it versus ProxyJump for multi-hop connections.
In the previous chapter, you learned how ProxyCommand gives you fine-grained control over SSH connections using tools like netcat, socat, corkscrew, and even custom scripts. Together with ProxyJump from Chapter 34, you now have several ways to connect to servers through one or more intermediate hosts.
There is one more SSH feature worth learning about: SSH agent forwarding. It has been around for a long time, since before ProxyJump was introduced, and many administrators still use it today.
You will often see agent forwarding mentioned in tutorials, existing infrastructure, and older deployments. In some situations, it can be a convenient solution. However, it works very differently from ProxyJump and comes with its own security considerations.
In this chapter, you'll learn how SSH agent forwarding works, when it is useful, the risks involved, and how to decide whether agent forwarding or ProxyJump is the better choice for a particular task.