Same ask as ssh agent forwarding on Windows 10, but on Windows 11.
When I ssh from my Linux client with AgentForwarding enabled into a Windows 11 host, I cannot access the client keys on the host:
C:\Users\admin>ssh-add -l
The agent has no identities.
The built-in OpenSSH server on the Windows host has AllowAgentForwarding enabled.
Also, agent forwarding works correctly when I ssh into other (non-Windows) hosts.
Is there some special trick I'm missing to get agent forwarding working on a Windows host, or what could be causing it not to work?
The debug log at least seems to indicate that it's trying to connect the agent:
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
More info:
Should I configure OpenSSH Authentication Agent service to automatically start?
https://superuser.com/a/1354118/203539 says
You must
But I saw later there is a warning:
I must warn you against using ssh-agent from the PowerShell port of openssh as it silently uses on-disk storage of your keys in the Registry. See my own question (and answer) where-does-windows-openssh-ssh-agent-service-secretly-store-private-keys for a full explanation.
Essentially there are 3 problems with it:
- It stores secret keys ON DISK - never use in a shared or guest situation
- (traces of) Secret keys remain ON DISK after deletion
- PowerShell implementation does not conform to the openssh manual page ssh-agent.1 in key aspects of security.
Not sure if it is the same thing though.