Agent forwarding is a security measure in which you have to go through a preliminary server in order to get the server that you really need to reach. The Server being protected will not have a public IP address. You must ssh into the preliminary server with that servers public IP and then from there ssh into the protected server using it’s private IP. Let’s see what that looks like.
$ eval ssh-agent
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/user/.ssh/id_rsa (/Users/user/.ssh/id_rsa)
$ ssh -A -i ~/.ssh/id_rsa ubuntu@
ubuntu:~$ ssh ubuntu@
~/.ssh/id_rsa is the most common path for private keys, but if you have your private key somewhere else then you need to use that path instead. the
-A option on the
ssh command is what enables agent-forwarding. The
-i (identity_file) command is what allows you to include the path to your private key.
UPDATE: It appears that if you do the
ssh-add commands then you will not need the
-i ~/.ssh/id_rsa part of the command.