ssh-agent use in different security domains

Saku Ytti saku at
Fri Feb 24 21:25:25 EST 2012

I just had discussion about another usage case for ssh agent forwarding,
which I'm not sure ProxyCommand can fix, am I missing something, or is
there after all usage case for agent forwarding?

Consider this:

How can you scp file from c to d, when you're sitting on a.

a is in internet and has low speed connection
b is secure jump box
c,d can't be reached from internet, but can reach each other directly

You don't want to pull file to a, but do it directly to c->d. 

With agent forwarding you could do
a% ssh b ssh c scp file d:


More information about the openssh-unix-dev mailing list