
> So if you SSH to 1.2.3.4 with "-A", that host has the ability to poke your agent and ask for any keys it's got loaded up.

I'm sure you know this, but just to be clear: if you're using "-A", that host has the ability to ask for operations to be performed using any keys it's got loaded up.

It can't just say, "Lemme have all those private keys you got!". That's the primary purpose of storing them in a separate device -- the actual keys themselves become inaccessible and aren't exposed. Again, the device keeps the keys internally and performs operations using them on your behalf.

Besides, in my case, even with an "offline master" key and three subkeys, the agent still only knows about the authentication key. The others don't get loaded into the SSH agent. I don't even use agent forwarding in the first place, but that's beside the point.
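The distinction the comment draws (the forwarded host can ask the agent to sign, not to hand over keys) is visible in the ssh-agent wire protocol itself. The following is an added example, not code from the thread or from OpenSSH: a minimal Python client that speaks the agent protocol framing from draft-miller-ssh-agent, builds the two requests a remote host can usefully send (list identities, sign), and parses the answers. The sample answer bytes, the all-zero Ed25519 public key and the comment "auth-subkey" are constructed so it runs offline; `list_agent_keys` talks to a live agent only when `SSH_AUTH_SOCK` is set.

```python
"""Minimal ssh-agent protocol client (draft-miller-ssh-agent framing).

Added example, not code from the HN thread. It shows exactly what a host
reached with `ssh -A` can ask the forwarded agent: list public keys and
request signatures. Sample bytes below are constructed for offline use.
"""
import os
import socket
import struct

# Message numbers from the ssh-agent protocol. Note the asymmetry: a client
# may *add* a private key (17), but no reply type carries one back out.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14
SSH_AGENTC_ADD_IDENTITY = 17


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length prefix + bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; return (value, new_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def frame(msg_type: int, payload: bytes = b"") -> bytes:
    """Wrap a message: uint32 length of (type byte + payload), then both."""
    body = bytes([msg_type]) + payload
    return struct.pack(">I", len(body)) + body


def unframe(data: bytes):
    """Split one framed message into (type, payload); reject bad lengths."""
    if len(data) < 5:
        raise ValueError("short message")
    (n,) = struct.unpack_from(">I", data, 0)
    if n != len(data) - 4:
        raise ValueError("length mismatch")
    return data[4], data[5:]


def build_request_identities() -> bytes:
    return frame(SSH_AGENTC_REQUEST_IDENTITIES)


def parse_identities_answer(data: bytes):
    """Return [(key_type, public_blob, comment), ...] from IDENTITIES_ANSWER."""
    t, p = unframe(data)
    if t != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError(f"unexpected message type {t}")
    (count,) = struct.unpack_from(">I", p, 0)
    off, out = 4, []
    for _ in range(count):
        blob, off = read_string(p, off)
        comment, off = read_string(p, off)
        key_type, _ = read_string(blob, 0)  # a blob opens with its type name
        out.append((key_type.decode(), blob, comment.decode()))
    return out


def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Ask the agent to sign `data` with the key named by its *public* blob."""
    payload = ssh_string(key_blob) + ssh_string(data) + struct.pack(">I", flags)
    return frame(SSH_AGENTC_SIGN_REQUEST, payload)


def parse_sign_response(data: bytes):
    """Return (sig_type, raw_signature), or None if the agent refused."""
    t, p = unframe(data)
    if t == SSH_AGENT_FAILURE:
        return None
    if t != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError(f"unexpected message type {t}")
    sig, _ = read_string(p, 0)
    sig_type, off = read_string(sig, 0)
    raw, _ = read_string(sig, off)
    return sig_type.decode(), raw


def exchange(sock: socket.socket, msg: bytes) -> bytes:
    """Send one framed message and read exactly one framed reply."""
    sock.sendall(msg)
    hdr = sock.recv(4, socket.MSG_WAITALL)
    (n,) = struct.unpack(">I", hdr)
    return hdr + sock.recv(n, socket.MSG_WAITALL)


def list_agent_keys(sock_path=None):
    """Query a live agent over SSH_AUTH_SOCK, as a forwarded host would."""
    path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        return parse_identities_answer(exchange(s, build_request_identities()))


# Constructed sample: an answer advertising one Ed25519 key whose public
# bytes are all-zero placeholders (not a real key), comment "auth-subkey".
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_ANSWER = frame(SSH_AGENT_IDENTITIES_ANSWER,
                      struct.pack(">I", 1) + ssh_string(SAMPLE_BLOB)
                      + ssh_string(b"auth-subkey"))

if __name__ == "__main__":
    for key_type, blob, comment in parse_identities_answer(SAMPLE_ANSWER):
        print("sample:", key_type, comment, "public blob", len(blob), "bytes")
    try:
        for key_type, _, comment in list_agent_keys():
            print("live agent holds:", key_type, comment)
    except (KeyError, OSError) as e:
        print("no live agent:", e)
```

Run it with an agent available and it prints the same list `ssh-add -l` does: the forwarded host learns which public keys exist and can submit data to be signed, and that is the whole attack surface of `-A`. Limiting what is loaded (only the authentication subkey, as in the comment) and using `ssh-add -c` so each sign request needs local confirmation are the controls that act on this surface.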
