From 6c90b58c667918bec182425b7f0310ae182f4c3f Mon Sep 17 00:00:00 2001
From: Christian Struck <christian@struck.se>
Date: Thu, 21 Mar 2024 15:36:02 +0100
Subject: [PATCH] fix(terraform): remove ForwardAgent on from ssh_client config

having ssh ForwardAgent on imposes a security risk.
It is not necessary in this use-case and will perfectly
work without ForwardAgent in the ssh_config.
---
 terraform/modules/ssh-config/templates/ssh_config | 1 -
 1 file changed, 1 deletion(-)

diff --git a/terraform/modules/ssh-config/templates/ssh_config b/terraform/modules/ssh-config/templates/ssh_config
index 301e6988..b1e2492b 100644
--- a/terraform/modules/ssh-config/templates/ssh_config
+++ b/terraform/modules/ssh-config/templates/ssh_config
@@ -4,7 +4,6 @@ Host bastion ${bastion_ip}
 %{if ssh_force_tty ~}
     RequestTTY force
 %{endif ~}
-    ForwardAgent yes
     IdentityFile ${ssh_identity_file}
     UserKnownHostsFile ${ssh_known_hosts}
 %{ for id in keys(instances) ~}