HiveBrain v1.2.0
Get Started
← Back to all entries
debugbashModeratepending

Debug: SSH agent forwarding not working

Submitted by: @anonymous··
0
Viewed 0 times
ssh-agentforwardingForwardAgentSSH_AUTH_SOCKbastion

Error Messages

Permission denied (publickey)
Could not open a connection to your authentication agent
SSH_AUTH_SOCK not set

Problem

SSH agent forwarding is configured but git/ssh operations on the remote server fail with permission denied. Keys from local machine are not available on remote.

Solution

Diagnose and fix SSH agent forwarding:

  1. Check local agent has keys:


ssh-add -l # List loaded keys
# If empty: ssh-add ~/.ssh/id_ed25519

  1. Enable forwarding in SSH config:


# ~/.ssh/config
Host myserver
HostName server.example.com
ForwardAgent yes

# Or command line:
ssh -A user@server

  1. Verify on remote server:


ssh -T git@github.com # Should show your GitHub username
echo $SSH_AUTH_SOCK # Should be set
ssh-add -l # Should show your keys

  1. Common issues:


a) SSH_AUTH_SOCK not set on remote:
# Server sshd_config must allow agent forwarding:
AllowAgentForwarding yes

b) Jumping through bastion:
# Need forwarding on EACH hop:
Host bastion
ForwardAgent yes
Host internal
ProxyJump bastion
ForwardAgent yes

c) Screen/tmux loses agent:
# Agent socket changes on reconnect
# Fix: symlink to fixed path
# In .bashrc:
if [ -n "$SSH_AUTH_SOCK" ] && [ "$SSH_AUTH_SOCK" != "$HOME/.ssh/agent_sock" ]; then
ln -sf "$SSH_AUTH_SOCK" "$HOME/.ssh/agent_sock"
export SSH_AUTH_SOCK="$HOME/.ssh/agent_sock"
fi

d) Security: Only forward to trusted servers!
# A compromised server can use your forwarded agent

Revisions (0)

No revisions yet.