The guide to Using SSH agent forwarding currently states:
Your system must allow SSH agent forwarding
Sometimes, system configurations disallow SSH agent forwarding. You can check if a system configuration file is being used by entering the following command in the terminal:
ssh -v example.com# Connect to example.com with verbose debug outputOpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011debug1: Reading configuration data /Users/you/.ssh/configdebug1: Applying options for example.comdebug1: Reading configuration data /etc/ssh_configdebug1: Applying options for *exit# Returns to your local command prompt
In the example above, the file ~/.ssh/config is loaded first, then /etc/ssh_config is read. We can inspect that file to see if it’s overriding our options by running the following commands:
cat /etc/ssh_config# Print out the /etc/ssh_config fileHost * SendEnv LANG LC_* ForwardAgent no
In this example, our /etc/ssh_config file specifically says
ForwardAgent no, which is a way to block agent forwarding. Deleting this line from the file should get agent forwarding working once more.
This advice is incomplete. As the documentation for ssh_config(5) shows,
For each parameter, the first obtained value will be used.
I think the way this guide currently reads makes it sound like /etc/ssh_config overrides earlier settings. Actually, the opposite is true. Although many other utilities allow the last config option to override the first, ssh_config does it the other way around. This is also why command-line flags (which almost always take precedence by convention) are actually loaded first in this case. As the guide itself points out in a warning, removing
ForwardAgent no from the user’s default settings may not be secure.