I'm having a little trouble with forced commands. I'm using openssh. I have 2 clients and a firewall in between. I want to scp from the one client to the other without the firewall. I have set up ssh from the one client to the firewall and from the firewall to the other client. It works fine. But then I added a forced command to the $HOME/.ssh/authorized_keys on the firewall. It looks like: no_pty,command="ssh -l account client2" 1024 rest of key. I also have the file $HOME/.ssh/config on client one looking like host client2 hostname firewall user account But when I try ssh account@client2 on client1 I just get connected to the firewall. Any idea why it's not forwarding to the other client? Must ssh-agent run and on whitch client or firewall? Thanks