For example, imagine you’re connecting to a remote server, and you want to git pull some code that you’re storing on Github. SSH agent forwarding is like going another layer deeper. You’ll want to make sure your SSH server is locked down, of course.

This means you’ll only need to unlock it once, and it will persist until you restart, letting you log into your servers securely without a passphrase prompt. To manage this, most SSH implementations will use an agent, which keeps your decrypted key in memory. However, this means you’ll have to enter your passphrase every time you need to use your private key, which will get annoying. So, for security, SSH will ask you for a passphrase when you generate your keys (hopefully you didn’t skip that step) and it will use that passphrase to encrypt and decrypt your private key. But, this is like storing your passwords on a sticky note-anyone can view them if they have access to it. Your private SSH key is like a password, and is saved locally on your computer. Your public SSH key is like your username or identity, and you can share it with everybody. It’s built into ssh, and is easy to set up and use. SSH agent forwarding allows you to use your private, local SSH key remotely without worrying about leaving confidential data on the server you’re working with.