To get hit by this you need to do ssh-agent forwarding to a malicious host. This is an attack against the client side, not the server.
So if your host in your DMZ gets hacked and you don’t know it, you’re at risk if you forward your agent; then they get past your firewall. I don’t know why you would forward your agent to a server in your DMZ, but it could be a use case.
Normally with this situation you probably have more to worry about. How often do people save their keys to get back out of the DMZ?
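Added example, not part of the comments above: since exposure depends on which hosts the client forwards its agent to, this Python sketch resolves the effective `ForwardAgent` value per host from an ssh_config text, following OpenSSH's rule that the first obtained value wins. The sample config and host names are constructed, the function names are hypothetical, and `Match` and `Include` handling is left out as a stated simplification.

```python
import fnmatch
import re

# Constructed sample ssh_config for illustration only.
SAMPLE = """\
Host bastion.example.com
    ForwardAgent yes
Host *.dmz.example.com !trusted.dmz.example.com
    ForwardAgent no
Host *
    ForwardAgent yes
    User ops
"""

def host_matches(patterns, host):
    """Host line semantics: any negated match vetoes; otherwise one positive match is needed."""
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(host, p[1:].lower()):
                return False
        elif fnmatch.fnmatchcase(host, p.lower()):
            matched = True
    return matched

def effective_forward_agent(config_text, host):
    """Return the ForwardAgent value that applies to host (default is 'no')."""
    host = host.lower()
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False  # simplification: Match blocks are not evaluated
        elif key == "forwardagent" and active:
            return value  # first obtained value wins; later blocks cannot override
    return "no"

def hosts_receiving_agent(config_text, hosts):
    """List the hosts for which the agent would be forwarded."""
    return [h for h in hosts if effective_forward_agent(config_text, h).lower() != "no"]
```

On a real client, `ssh -G <host>` prints the fully resolved options, including `Match` and `Include` processing, and is the authoritative check.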