broun

Reputation: 2593

ssh key forward without ssh-add

I have a couple of hosts, HostA and HostB, and a key KeyX used to ssh to both hosts. I am trying to ssh to HostA first and then ssh to HostB from HostA.

The following steps do not work:

localhost :> ssh -i KeyX HostA
hosta :> ssh -A HostB

SSH to HostB fails with an error complaining about "Permission denied (publickey)."

The following steps work:

localhost:> ssh-add KeyX
localhost:> ssh -i KeyX HostA
hostA:> ssh -A HostB

Works. I understand that ssh-add adds the key to the ssh-agent, but I don't understand why the first process does not work and why adding the key to the agent makes a difference. Can someone explain what was required for key forwarding that is satisfied by ssh-add? It wasn't clear from the available public documents.

Upvotes: 2

Views: 657

Answers (1)

Jakuje

Reputation: 25956

> I understand that ssh-add adds the key to the ssh-agent

Yes

> but I don't understand why the first process does not work and why adding the key to the agent makes a difference.

The key is on your machine. If you do not add it to the agent and do not forward this agent to hostA (probably specified in configuration?), it will not see the key and will not be able to authenticate you.

> Can someone explain what was required for key forwarding that is satisfied by ssh-add? It wasn't clear from the available public documents.

Use ssh-add -l. It will list the keys you have in your agent. At first it does not list your key; after ssh-add it does. You should be able to run the same command on hostA, where you should see the same key forwarded from your local machine.

Upvotes: 1
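
The ssh-add -l check from the answer above, wrapped as a preflight script. This is an added example, not part of the original answer; the function names are hypothetical, and the status mapping follows the exit codes documented in ssh-add(1).

```shell
#!/bin/sh
# Added example: preflight check to run before `ssh -A`.
# ssh -A forwards the local agent socket, not key files. A key passed only
# with -i is never loaded into the agent, so the next hop has nothing to use.

# Map the exit status of `ssh-add -l` to an agent state.
# Per ssh-add(1): 0 = success, 1 = command failed (for -l: no identities),
# 2 = unable to contact the authentication agent.
agent_state_from_status() {
    case "$1" in
        0) echo "loaded" ;;
        1) echo "empty" ;;
        2) echo "no-agent" ;;
        *) echo "unknown" ;;
    esac
}

# Query the agent reachable through SSH_AUTH_SOCK and print its state.
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-agent"
        return 0
    fi
    status=0
    ssh-add -l >/dev/null 2>&1 || status=$?
    agent_state_from_status "$status"
}

# Explain what `ssh -A` would be able to offer on the next hop.
forwarding_advice() {
    case "$1" in
        loaded)   echo "agent holds keys: ssh -A can authenticate on the next hop" ;;
        empty)    echo "agent is empty: run ssh-add <keyfile> first, -i alone is not forwarded" ;;
        no-agent) echo "no agent reachable: start ssh-agent, then ssh-add <keyfile>" ;;
        *)        echo "unexpected ssh-add status" ;;
    esac
}

# Run the check only when the script is invoked with the argument "check".
if [ "${1:-}" = "check" ]; then
    forwarding_advice "$(agent_state)"
fi
```

Run it with the argument check on the local machine before connecting, and again on hostA after ssh -A: both should report a loaded agent if forwarding is working.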
