ssh -A: Agent Forwarding and Its Risks
ssh -A forwards the local SSH agent connection to the remote host, letting that host use your keys for further hops.
Agent forwarding lets a deploy host clone a private repo using the runner's key without copying the key onto the host. It is convenient but exposes your agent to whoever controls that host.
What it does
ssh -A (ForwardAgent yes) makes the remote host able to talk back to your ssh-agent. Processes on that host can then use your loaded keys to authenticate to other servers, without the private key ever being written there.
Common usage
# load a key into the agent, then forward it to clone a private repo remotely
eval "$(ssh-agent -s)"
ssh-add ./deploy_key
ssh -A user@host "git clone git@github.com:org/private-repo.git"Options
| Flag | What it does |
|---|---|
| -A | Enable agent forwarding to the remote host |
| -a | Disable agent forwarding (override config) |
| -o ForwardAgent=yes | Same as -A via an option |
| -J / ProxyJump | Often a safer alternative for reaching a second host |
In CI
Forwarding exposes every key in the agent to anyone with root on the remote host, who can hijack the socket while you are connected. Prefer ProxyJump (-J) for multi-hop access, or a dedicated deploy key on the target. If you must forward, load only the single key needed and disconnect promptly.
Common errors in CI
Could not open a connection to your authentication agent. on the remote means no agent is reachable; confirm SSH_AUTH_SOCK is set locally and the server allows AllowAgentForwarding. "Permission denied (publickey)" on the onward hop means the forwarded key is not authorized there. If forwarding is silently ignored, the server has AllowAgentForwarding no.