13

When I ssh from my macOS client with AgentForwarding enabled into a Windows 10 host, I cannot access the client keys on the host.

The built-in OpenSSH server on the Windows host has AllowAgentForwarding enabled.

Also, agent forwarding works correctly when I ssh into other (non-Windows) hosts.

Is there some special trick I'm missing to get agent forwarding working on a Windows host, or what could be causing it not to work?

The debug log at least seems to indicate that it's trying to connect the agent:

debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
matthew
  • 1,037

3 Answers

5

SSH Agent Forwarding was not included in the original scope of work for the Windows OpenSSH project (see the Project Scope wiki page, which refers to this feature as "Authentication Forwarding").

However, it looks like this feature will be addressed in a future release. The vNext milestone includes several references to agent forwarding issues:

mrtumnus
  • 174
-1

On Windows 11, at least, SSH Agent forwarding is available, but you need to run the SSH authentication agent:

  1. Open the 'Services' application from the Start menu.
  2. Scroll down to 'OpenSSH Authentication Agent'.
  3. Right-click the service to access its 'Properties'. Change its 'Startup type' to 'Automatic (Delayed Start)'. 'OK' to save your change.
  4. Right-click the service and choose 'Start' from the context menu.
Jellicle
  • 2,356
  • 4
  • 28
  • 32
-3

SSH-Agent is disabled by default on Windows.

From the [OpenSSH key management][1] article:

# By default the ssh-agent service is disabled. Allow it to be manually started for the next step to work.
# Make sure you're running [Powershell] as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Manual

Start the service

Start-Service ssh-agent

This should return a status of Running

Get-Service ssh-agent

Now load your key files into ssh-agent

ssh-add ~\.ssh\id_ed25519

JDH
  • 19
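
An added example, not code from any of the answers above: a PowerShell check to run inside the SSH session on the Windows host that reports the three things this thread discusses (the `AllowAgentForwarding` setting, the state of the `ssh-agent` service, and whether `ssh-add` can reach an agent from that session). It assumes the default `sshd_config` location under `%ProgramData%\ssh`; the function name `Get-AgentForwardingState` is hypothetical.

```powershell
# Added example, not from the thread. Run inside the SSH session on the Windows host.
# Assumption: sshd_config is at the default Win32-OpenSSH path under %ProgramData%.
function Get-AgentForwardingState {   # hypothetical helper name
    param([string]$ConfigPath = (Join-Path $env:ProgramData 'ssh\sshd_config'))

    # sshd keeps the first value it reads for a keyword; when the keyword is
    # absent the default is "yes". Match blocks can still override this per user.
    $allow = 'yes (default)'
    if (Test-Path -LiteralPath $ConfigPath) {
        $hit = Select-String -LiteralPath $ConfigPath `
            -Pattern '^\s*AllowAgentForwarding\s+(\S+)' | Select-Object -First 1
        if ($hit) { $allow = $hit.Matches[0].Groups[1].Value }
    } else {
        $allow = "unknown ($ConfigPath not found)"
    }

    # The local agent service that the answers start; absent if the OpenSSH client is not installed.
    $svc = Get-Service -Name ssh-agent -ErrorAction SilentlyContinue

    # ssh-add -l exit codes: 0 = keys listed, 1 = agent reachable but empty,
    # 2 = no agent could be contacted.
    $keys = & ssh-add -l 2>&1
    $agent = switch ($LASTEXITCODE) {
        0       { 'reachable, {0} key(s)' -f @($keys).Count }
        1       { 'reachable, no identities' }
        default { 'not reachable' }
    }

    [pscustomobject]@{
        AllowAgentForwarding = $allow
        AgentServiceStatus   = if ($svc) { $svc.Status } else { 'not installed' }
        AgentServiceStartup  = if ($svc) { $svc.StartType } else { 'n/a' }
        SshAuthSock          = if ($env:SSH_AUTH_SOCK) { $env:SSH_AUTH_SOCK } else { '(not set)' }
        AgentFromThisSession = $agent
    }
}

Get-AgentForwardingState | Format-List
```

Keys counted here may belong to the host's own `ssh-agent` service rather than the forwarded client agent, so compare the output of `ssh-add -l` on both machines before concluding that forwarding works.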