Add the variable AllowAgentForwarding to be set, with the default of 'no', only the Debian

template was adjusted for this, as my knowledge of the other operating systems is not good enough
to determine the appropriate setting there

manifests/init.pp

@@ -43,6 +43,9 @@
 #                               Valid Values: yes or no
 #                               Default: no
 #
+# sshd_agent_forwarding:	If you want to allow ssh-agent forwarding
+# 				Valid Values: yes or no
+#				Default: no
 
 class sshd {
     include sshd::client 
@@ -81,6 +84,10 @@ class sshd::base {
         '' => 'no',
         default => $sshd_x11_forwarding
     }
+    $real_sshd_agent_forwarding = $sshd_agent_forwarding ? {
+    	'' => 'no',
+	default => $sshd_agent_forwarding
+    }
 
     file { 'sshd_config':
         path => '/etc/ssh/sshd_config',

templates/sshd_config/Debian_normal.erb

@@ -94,9 +94,15 @@ UsePAM no
 
 HostbasedUsesNameFromPacketOnly yes
 AllowTcpForwarding yes
+<%- if real_sshd_agent_forwarding.to_s == 'yes' then %>
+AllowAgentForwarding yes
+<%- else %>
+AllowAgentForwarding no
+<%- end %>
 
 ChallengeResponseAuthentication no
 
 <%- unless real_sshd_allowed_users.to_s.empty? then %>
 AllowUsers <%= real_sshd_allowed_users %>
 <%- end %>
+