Philipp Marek wrote: > > Any suggestions? > > On host2, run screen (or individual commands) without SSH_AUTH_SOCK, so eg. > > $ SSH_AUTH_SOCK= rsync ... Hi Philipp, Thanks for trying to help but that doesn't work. It prevents the ssh from host2 to host3 from having access to the agent, which it needs initially, but it only needs it long enough to authenticate the connection to host3. The attempt to ssh to host3 fails (because that ssh has no access to the key). I would hope that, once that authentication to host3 has completed, that ssh process would close its connection to the agent because it had been invokved with the -a option, and so the connection is no longer needed. i.e. it doesn't need to be forwarded to host3. I see ssh's failure to close the connection to the agent, once it is no longer needed, as a possible buglet. I was hoping that someone could explain why it needs to keep that connection open. I'm assuming there might be a good reason for it. Or maybe it really is a buglet. If this behaviour could be changed, so that ssh closes its connection to the agent socket when it is no longer needed, it would probably solve my problem automatically. Does that sound reasonable? cheers, raf _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev