Agent forwarding is a special case of remote tunneling. In agent forwarding, Secure Shell connections and public-key authentication data are forwarded from one server to another without the user having to authenticate separately for each server. Authentication data does not have to be stored on any other machine than the local machine, and authentication passphrases or private keys never go over the network.

By default, the server allows agent forwarding. To deny agent forwarding, set the AllowAgentForwarding keyword in the sshd2_config configuration file to no.