When using a bastion host (or Jumpbox) to connection to production server using ssh private keys, ssh agent forward can be used. The main advantage is that you wont have to copy you keys on bastion host and hence your keys are more secure.
Using command line option -A
Use -A option when connecting to bastion host. Then you can connect to target host without having to specify your keys again.
$ ssh -i PRIVATE_KEY_FILE -A bastionhost.com ## On bastion host check env variable SSH_AUTH_SOCK $ echo $SSH_AUTH_SOCK /tmp/ssh-gDJRG7maIa/agent.26247 ## now connect to productionhost.com from bastion host $ ssh productionhost.com
Alternatively update ssh config file on you laptop/desktop to enable agent forwarding when connecting to bastionhost.com
Host bastionhost.com ForwardAgent yes