Add ssh.forwardAgent setting to Connect

docs/pages/connect-your-client/teleport-connect.mdx

@@ -437,6 +437,7 @@ Below is the list of the supported config properties.
 | `keymap.openSearchBar`        | `Command+K` on macOS<br/>`Ctrl+K` on Windows/Linux                                                                   | Shortcut to open the search bar.                                       |
 | `headless.skipConfirm` | false | Skips the confirmation prompt for Headless WebAuthn approval and instead prompts for WebAuthn immediately. |
 | `ssh.noResume`                | false                                                                                                                | Disables SSH connection resumption.                                                                        |
+| `ssh.forwardAgent`            | true                                                                                                                 | Enables agent forwarding.                                                                                  |
 
 <Admonition
   type="note"

web/packages/teleterm/src/preload.ts

@@ -75,6 +75,8 @@ async function getElectronGlobals(): Promise<ElectronGlobals> {
     {
       ssh: {
         noResume: mainProcessClient.configService.get('ssh.noResume').value,
+        forwardAgent:
+          mainProcessClient.configService.get('ssh.forwardAgent').value,
       },
       terminal: {
         windowsBackend: mainProcessClient.configService.get(

web/packages/teleterm/src/services/config/appConfigSchema.ts

@@ -151,6 +151,12 @@ export const createAppConfigSchema = (platform: Platform) => {
       .boolean()
       .default(false)
       .describe('Disables SSH connection resumption.'),
+    'ssh.forwardAgent': z
+      .boolean()
+      .default(true)
+      .describe(
+        "Enables agent forwarding when connecting to SSH nodes. It's the equivalent of the forward-agent flag in tsh ssh."
+      ),
   });
 };
 

web/packages/teleterm/src/services/pty/ptyHost/buildPtyOptions.test.ts

@@ -22,10 +22,17 @@ import {
   ShellCommand,
   TshLoginCommand,
   GatewayCliClientCommand,
+  SshOptions,
 } from '../types';
 
 import { getPtyProcessOptions } from './buildPtyOptions';
 
+const makeSshOptions = (options: Partial<SshOptions> = {}): SshOptions => ({
+  noResume: false,
+  forwardAgent: false,
+  ...options,
+});
+
 describe('getPtyProcessOptions', () => {
   describe('pty.gateway-cli-client', () => {
     it('merges process env with the env from cmd', () => {
@@ -47,7 +54,7 @@ describe('getPtyProcessOptions', () => {
 
       const { env } = getPtyProcessOptions(
         makeRuntimeSettings(),
-        { ssh: { noResume: false }, windowsPty: { useConpty: true } },
+        { ssh: makeSshOptions(), windowsPty: { useConpty: true } },
         cmd,
         processEnv
       );
@@ -76,7 +83,7 @@ describe('getPtyProcessOptions', () => {
 
       const { env } = getPtyProcessOptions(
         makeRuntimeSettings(),
-        { ssh: { noResume: false }, windowsPty: { useConpty: true } },
+        { ssh: makeSshOptions(), windowsPty: { useConpty: true } },
         cmd,
         processEnv
       );
@@ -103,12 +110,71 @@ describe('getPtyProcessOptions', () => {
 
       const { args } = getPtyProcessOptions(
         makeRuntimeSettings(),
-        { ssh: { noResume: true }, windowsPty: { useConpty: true } },
+        {
+          ssh: makeSshOptions({ noResume: true }),
+          windowsPty: { useConpty: true },
+        },
         cmd,
         processEnv
       );
 
       expect(args).toContain('--no-resume');
     });
+
+    it('enables agent forwarding on tsh ssh invocations if the option is set', () => {
+      const processEnv = {
+        processExclusive: 'process',
+        shared: 'fromProcess',
+      };
+      const cmd: TshLoginCommand = {
+        kind: 'pty.tsh-login',
+        clusterName: 'bar',
+        proxyHost: 'baz',
+        login: 'bob',
+        serverId: '01234567-89ab-cdef-0123-456789abcdef',
+        rootClusterId: 'baz',
+        leafClusterId: undefined,
+      };
+
+      const { args } = getPtyProcessOptions(
+        makeRuntimeSettings(),
+        {
+          ssh: makeSshOptions({ forwardAgent: true }),
+          windowsPty: { useConpty: true },
+        },
+        cmd,
+        processEnv
+      );
+
+      expect(args).toContain('--forward-agent');
+    });
+
+    it('does not enable agent forwarding on tsh ssh invocations if the option is not set', () => {
+      const processEnv = {
+        processExclusive: 'process',
+        shared: 'fromProcess',
+      };
+      const cmd: TshLoginCommand = {
+        kind: 'pty.tsh-login',
+        clusterName: 'bar',
+        proxyHost: 'baz',
+        login: 'bob',
+        serverId: '01234567-89ab-cdef-0123-456789abcdef',
+        rootClusterId: 'baz',
+        leafClusterId: undefined,
+      };
+
+      const { args } = getPtyProcessOptions(
+        makeRuntimeSettings(),
+        {
+          ssh: makeSshOptions({ forwardAgent: false }),
+          windowsPty: { useConpty: true },
+        },
+        cmd,
+        processEnv
+      );
+
+      expect(args).not.toContain('--forward-agent');
+    });
   });
 });

web/packages/teleterm/src/services/pty/ptyHost/buildPtyOptions.ts

@@ -153,7 +153,7 @@ export function getPtyProcessOptions(
         `--proxy=${cmd.rootClusterId}`,
         'ssh',
         ...(options.ssh.noResume ? ['--no-resume'] : []),
-        '--forward-agent',
+        ...(options.ssh.forwardAgent ? ['--forward-agent'] : []),
         loginHost,
       ];
 

web/packages/teleterm/src/services/pty/types.ts

@@ -118,6 +118,10 @@ export type SshOptions = {
    * (by adding the `--no-resume` option).
    */
   noResume: boolean;
+  /**
+   * Enables agent forwarding when running `tsh ssh` by adding the --forward-agent option.
+   */
+  forwardAgent: boolean;
 };
 
 export type TerminalOptions = {