by arturhoo 3978 days ago
Nice idea, but don't run the command if you have

    Host *
      ForwardAgent yes
in your ~/.ssh/config
4 comments

Yes, for more information, see SSH Agent Forwarding Considered Harmful (http://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-cons...). Finally a legitimate use of the title "considered harmful".
Don't use agent forwarding to any host you don't have exclusive root access to and are 100% sure isn't compromised. Anyone else who is root on a box you SSH to with agent forwarding can authenticate to other servers using your private key while you are connected.
Is this a problem if my private key is on a smartcard and I have to press a button on the card to sign something?
Slightly less so. But they can still trick you into signing something different than what you'd expect.
What is the effect of ForwardAgent?
The host you're connecting to could be able to force write/destroy your public repos or clone your (and your employer's) private repos, given that he knows their paths, e.g. github/github. I'd assume that a few companies have a */secrets repo of some sort.
Forwarding your keys basically. It's like giving someone you don't know a handshake AND all your keys.
Public keys, I hope?!
No, it gives the remote server use of your private keys during the lifetime of your connection through connection to your local agent.

Yes, it's really stupid to enable AgentForwarding.

OMG! This was an important and helpful precision. Thank you very much.
I worded it the wrong way I guess.

Edit: I don't really know how to say this short and concise, but you should only do this with servers you trust.

* http://rabexc.org/posts/pitfalls-of-ssh-agents

* http://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-cons...
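A check in the spirit of the warning in this thread, added here as an example and not taken from the thread or the linked posts: it reads an ssh_config-style file and reports a `ForwardAgent yes` that applies to every host, with a constructed safer layout beside it (the bastion hostname and the sample files are made up).

```shell
#!/bin/sh
# ssh_config is read top to bottom and each option keeps the first value found,
# so a "ForwardAgent yes" under "Host *" (or above any Host line) enables
# forwarding for every connection. This only handles "Option value" syntax,
# not the "Option=value" form.

# Prints the offending line and returns 0 when forwarding is enabled globally,
# returns 1 otherwise. $1 is the path of the config file to inspect.
forward_agent_global() {
    awk '
        BEGIN { in_wild = 1 }                 # options before any Host line apply everywhere
        tolower($1) == "host" {
            in_wild = 0
            for (i = 2; i <= NF; i++) if ($i == "*") in_wild = 1
            next
        }
        tolower($1) == "match" { in_wild = 0; next }
        in_wild && tolower($1) == "forwardagent" && tolower($2) == "yes" {
            print "global ForwardAgent at line " NR ": " $0
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample configs for the demonstration (hostnames are placeholders).
risky_cfg=$(mktemp)
safe_cfg=$(mktemp)
trap 'rm -f "$risky_cfg" "$safe_cfg"' EXIT

# The shape warned about in the thread: forwarding on for every host.
printf 'Host *\n  ForwardAgent yes\n' > "$risky_cfg"
# Safer shape: forwarding only to one host you control, off everywhere else.
printf 'Host bastion.example.test\n  ForwardAgent yes\n\nHost *\n  ForwardAgent no\n' > "$safe_cfg"

forward_agent_global "$risky_cfg" && echo "RISKY: $risky_cfg"
forward_agent_global "$safe_cfg" || echo "OK: $safe_cfg"
```

Run it against your own file with `forward_agent_global ~/.ssh/config` after sourcing the function.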