Is there any solution, or even work on, limiting which keys gets forwarded where?

Peter Stuge peter at
Sat Oct 17 01:33:37 AEDT 2015

hubert depesz lubaczewski wrote:
> > Another approach, if you find you must forward your agent, is to load
> > all keys in your agent with confirmation prompt required (ssh-add -c)
> > so that your local machine is still in control of when the different
> > keys get used.
> Yeah, but that will (from what I understand from man) re-ask for my
> password, which is highly impractical given the above passphrase
> situation.

You should try it out. No, the agent on your client only asks for
confirmation to use the key (enter=yes, type anything+enter=no)
not for the passphrase.


More information about the openssh-unix-dev mailing list