SSH - Agent Forwarding (Forward Key)

Host Key Not Cached Putty


agent forwarding is a mechanism whereby an SSH client allows an SSH server to use the local agent on the server, the user logs into, as if it was local there.

We say that the private key is forwarded to the server1 in order to connect from server1 to server2.


When a user request a connection to a second server from an SSH client on a first server server (the server client):

  • the server client will forward the request to the agent running on the server (the server agent)
  • the server agent will forward the request to the client (the local client)
  • the local client will forward the request to the agent running on the laptop (the local agent).

agent and agent forwarding implement then single sign-on


  • configure your environment. See configuration
  • from your laptop, make a SSH connection to the first server
  • Verify that you got login via your local agent. You should see on the screen
Authenticating with public key "rsa-key-..." from agent

  • Example with Putty

Ssh Agent Key Connection Putty

  • Verify that the client forward configuration has started an agent on the server. The echo command should show a value.

  • Then try to connect to another server and you should be able to connect.
ssh  my-server-hostname


To use agent forwarding:

  • the ForwardAgent option must be set to yes on:
    • the local client
    • the server client (generally ssh)
  • the AllowAgentForwarding option must be set to yes on the server (default)



Normally, no configuration should be made as the default configuration for AllowAgentForwarding is yes. See this page for the default value

You can check it on your server with this command if you are using the sshd server

sshd -T | grep -i allowagentforwarding
allowagentforwarding yes

otherwise you need to change the configuration file with the following value

AllowAgentForwarding yes



Configuration of the ssh client:

  • Create/Open the file ~/.ssh/config.
  • Configures SSH agent forwarding for the specified Server1HostName by adding the following text to the config file
Host Server1HostName
   ForwardAgent yes
# or for all server
 Host *
   ForwardAgent yes


Configuration of SSH - Putty (telnet, ssh client) called

Putty via Winscp
  • Go to Winscp > Options > Preferences
  • And allow forwarding be giving the -A option

Putty Agent Forwarding Via Winscp

Putty direct
  • Set the agent forwarding option:

Putty Agent Forwarding

  • Save the default settings

Putty Save Default Settings

Documentation / Reference

Discover More
Card Puncher Data Processing
Azure - HDInsight (Microsoft's Hadoop)

Azure HDInsight is a cluster distribution of the Hadoop components from the Hortonworks Data Platform (HDP). duplicate of It regroups open-source frameworks:...
Git Open Ssh
Git - Client Installation

Git for windows provides a bash and a gui. It provides also all GNU core utility For windows, select the Windows Native OpenSsh if you want to have the ssh-agent with...
Winscp Preference Putty Password
WinScp - Installation and Configuration

Add the -X parameters to the command line for X11 forwarding: Add the -C parameters to the command line to enable compression: Add the -A parameters to the command line to enable agent forwarding...

Share this page:
Follow us:
Task Runner