Agent forwarding is a special case of remote tunneling. In agent forwarding, Secure Shell connections and public-key authentication data are forwarded from one server to another without the user having to authenticate separately for each server. Authentication data does not have to be stored on any other machine than the local machine, and authentication passphrases or private keys never go over the network.
By default, Tectia Server for IBM z/OS allows agent forwarding. To deny agent
forwarding, set the AllowAgentForwarding
keyword in the
sshd2_config
configuration file to
no
.