
Fix SSH agent forwarding on Windows #4007

Open
@mafredri


Currently SSH agent forwarding is broken on Windows (even on the latest OpenSSH 8.9p1 release).

PS C:\Users\ZeroCool> & 'C:\Program Files\OpenSSH\ssh.exe' -V
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
PS C:\Users\ZeroCool> & 'C:\Program Files\OpenSSH\ssh-add.exe' -L
Error connecting to agent: Unknown error

It's uncertain what the problem is, but most likely the use of unix sockets. We could look at projects like masahide/OmniSSHAgent for inspiration.

Fixing this could open up a path towards using our own SSH agent proxy instead of our GIT_SSH_COMMAND wrapper. This would allow for features like git commit signing via SSH keys in the agent (including the coder key and whatever other keys have been forwarded).


As mentioned in #3126 (comment), SSH agents are somewhat of a mess on Windows (excerpt):

When it comes to Windows, the SSH agent seems like a minefield. First and foremost, agent forwarding on Windows doesn't seem to work (or at least properly in all scenarios, see PowerShell/Win32-OpenSSH#1865, the issue tracker has many more like it).

When I say a minefield, check out this graph (borrowed from masahide/OmniSSHAgent):

So take-aways here are that:

  • Implementing our own SSH agent on Windows is fraught with peril (perhaps we can take learnings from OmniSSHAgent, or find similar libs that abstract it away)
  • Our current SSH agent forwarding most likely doesn't work on Windows at all (I tested Windows 10, OpenSSH_for_Windows_8.1p1, didn't work), or perhaps it might in an environment where unix sockets are supported (although my understanding is that Windows OpenSSH is incompatible with std OpenSSH agent)
  • More research (and testing a potential implementation in various settings) is needed
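
A diagnostic for the transport question raised above, added here as an example (it is not code from the issue or from the project): it dials the agent over a Windows named pipe or a Unix socket and sends the agent protocol's identities request, so a failure can be attributed to the transport or to the protocol. The function names are hypothetical, and the pipe path is the Win32-OpenSSH default, which the issue does not state.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
	"os"
	"runtime"
	"strings"
)

// dialAgent picks the transport: a named pipe for Win32-OpenSSH (default path
// below is an assumption, not from the issue), else the SSH_AUTH_SOCK socket.
func dialAgent(authSock, goos string) (io.ReadWriteCloser, error) {
	if authSock == "" && goos == "windows" {
		authSock = `\\.\pipe\openssh-ssh-agent`
	}
	if strings.HasPrefix(authSock, `\\.\pipe\`) {
		return os.OpenFile(authSock, os.O_RDWR, 0)
	}
	return net.Dial("unix", authSock) // an empty path fails: missing address
}

// countIdentities sends REQUEST_IDENTITIES (11) and reads the IDENTITIES_ANSWER (12) key count.
func countIdentities(rw io.ReadWriter) (uint32, error) {
	if _, err := rw.Write([]byte{0, 0, 0, 1, 11}); err != nil {
		return 0, err
	}
	var r [9]byte // uint32 length, type byte, uint32 key count
	if _, err := io.ReadFull(rw, r[:5]); err != nil {
		return 0, err
	}
	if r[4] != 12 || binary.BigEndian.Uint32(r[:4]) < 5 {
		return 0, fmt.Errorf("agent replied with message type %d", r[4])
	}
	_, err := io.ReadFull(rw, r[5:])
	return binary.BigEndian.Uint32(r[5:]), err
}

func main() {
	conn, err := dialAgent(os.Getenv("SSH_AUTH_SOCK"), runtime.GOOS)
	if err != nil {
		fmt.Println("cannot reach agent:", err)
		return
	}
	defer conn.Close()
	fmt.Println(countIdentities(conn)) // prints the key count and the error, if any
}
```

An error from `dialAgent` points at the transport (pipe or socket not reachable), while an error from `countIdentities` means something answered but did not speak the agent protocol.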
