Skip to content
Latchkey

ssh -A: Agent Forwarding and Its Risks

ssh -A forwards the local SSH agent connection to the remote host, letting that host use your keys for further hops.

Agent forwarding lets a deploy host clone a private repo using the runner's key without copying the key onto the host. It is convenient but exposes your agent to whoever controls that host.

What it does

ssh -A (ForwardAgent yes) makes the remote host able to talk back to your ssh-agent. Processes on that host can then use your loaded keys to authenticate to other servers, without the private key ever being written there.

Common usage

Terminal
# load a key into the agent, then forward it to clone a private repo remotely
eval "$(ssh-agent -s)"
ssh-add ./deploy_key
ssh -A user@host "git clone git@github.com:org/private-repo.git"

Options

FlagWhat it does
-AEnable agent forwarding to the remote host
-aDisable agent forwarding (override config)
-o ForwardAgent=yesSame as -A via an option
-J / ProxyJumpOften a safer alternative for reaching a second host

In CI

Forwarding exposes every key in the agent to anyone with root on the remote host, who can hijack the socket while you are connected. Prefer ProxyJump (-J) for multi-hop access, or a dedicated deploy key on the target. If you must forward, load only the single key needed and disconnect promptly.

Common errors in CI

Could not open a connection to your authentication agent. on the remote means no agent is reachable; confirm SSH_AUTH_SOCK is set locally and the server allows AllowAgentForwarding. "Permission denied (publickey)" on the onward hop means the forwarded key is not authorized there. If forwarding is silently ignored, the server has AllowAgentForwarding no.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →