Feature Request: SSH-agent-style credential forwarding for remote Claude Code sessions

Resolved 💬 6 comments Opened Apr 16, 2026 by cghamburg Closed May 25, 2026

Problem

When running Claude Code on a remote server via SSH, credentials (API key or OAuth token) must be stored on the remote filesystem. On shared servers where other users have root access, this is a security concern — root can read tokens from ~/.claude/ or /proc/*/environ.

There is no equivalent to SSH's ssh-agent forwarding, where the secret never leaves the local machine.

Proposed Solution

A local claude-auth-agent daemon (analogous to ssh-agent) that:

  1. Runs on the local machine, holds the API key / OAuth token in memory
  2. Exposes a Unix socket (e.g. CLAUDE_AUTH_SOCK)
  3. The socket is forwarded via ssh -R to the remote server
  4. Remote Claude Code talks to the forwarded socket for API authentication
# Local
eval $(claude-auth-agent)
ssh -R /tmp/claude-auth.sock:$CLAUDE_AUTH_SOCK -p 42222 user@server

# Remote — key never touches the server
export CLAUDE_AUTH_SOCK=/tmp/claude-auth.sock
claude

Why

  • API keys / OAuth tokens never leave the local machine
  • Revocation is instant (kill the local agent)
  • Familiar pattern — every developer already knows ssh-agent forwarding
  • Shared/multi-tenant servers become safe to use

Related Issues

  • #42965 — OAuth broken for remote/headless setups
  • #7100 — Headless/remote authentication (auto-closed)
  • #44089 — Keychain inaccessible from SSH sessions
  • #29717 — SSH_AUTH_SOCK forwarding for 1Password agent

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗