Make ForwardAgent configurable for Client Configuration

Author: kabakakao

attributes/default.rb

@@ -60,6 +60,7 @@
   client['cbc_required']  = false
   client['weak_hmac']     = false
   client['weak_kex']      = false
+  client['allow_agent_forwarding']   = false
   client['remote_hosts']  = []
   client['password_authentication'] = false   # ssh
   # http://undeadly.org/cgi?action=article&sid=20160114142733

templates/default/openssh.conf.erb

@@ -75,7 +75,7 @@ KexAlgorithms <%= @kex %>
 
 
 # Disable agent formwarding, since local agent could be accessed through forwarded connection.
-ForwardAgent no
+ForwardAgent <%= ((@node['ssh-hardening']['ssh']['client']['allow_agent_forwarding']) ? 'yes' : 'no' ) %>
 
 # Disable X11 forwarding, since local X11 display could be accessed through forwarded connection.
 ForwardX11 no