Merge pull request #227 from smallstep/disable-forward-agent

Do not enable by default ForwardAgent

authority/ssh_test.go

@@ -412,7 +412,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) {
 	}
 	userOutputWithUserData := []templates.Output{
 		{Name: "include.tpl", Type: templates.File, Comment: "#", Path: "ssh/include", Content: []byte("Host *\n\tInclude /home/user/.step/ssh/config")},
-		{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tForwardAgent yes\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
+		{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
 	}
 	hostOutputWithUserData := []templates.Output{
 		{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},

authority/testdata/templates/config.tpl

@@ -1,5 +1,4 @@
 Match exec "step ssh check-host %h"
-	ForwardAgent yes
 {{- if .User.User }}
 	User {{.User.User}}
 {{- end }}

pki/templates.go

@@ -42,7 +42,6 @@ var SSHTemplateData = map[string]string{
 	//
 	// Note: on windows ProxyCommand requires the full path
 	"config.tpl": `Match exec "step ssh check-host %h"
-	ForwardAgent yes
 {{- if .User.User }}
 	User {{.User.User}}
 {{- end }}