What part of SSH forwarding sets up SSH_AUTH_SOCK?

On my Mac with OS 10.6.x I found that agent forwarding didn't work until I added my key to the Apple keychain, with the following:

ssh-add -K ~/.ssh/id_rsa 

where ~/.ssh/id_rsa contains my private ssh key

I've a blog entry about setting up ssh host configuration entries to simplify ssh command-lines that may be of interest


The server also has to enable agent forwarding.


The client that runs the agent needs to have agent forwarding enabled. Not the server.

Never enable it globally, but on a per-host basis in ~/.ssh/config:

Host myserver.foo.local
ForwardAgent yes

Or use the -A option when connecting:

ssh -A myserver.foo.local