diff --git a/communicator/config.go b/communicator/config.go
index 1bc2d602e..813f24f1d 100644
--- a/communicator/config.go
+++ b/communicator/config.go
@@ -547,10 +547,10 @@ func (c *Config) prepareSSH(ctx *interpolate.Context) []error {
 		}
 	}
 
-	if c.SSHBastionHost != "" && !c.SSHBastionAgentAuth {
-		if c.SSHBastionPassword == "" && c.SSHBastionPrivateKeyFile == "" {
+	if c.SSHBastionHost != "" {
+		if c.SSHBastionPassword == "" && c.SSHBastionPrivateKeyFile == "" && !c.SSHBastionAgentAuth {
 			errs = append(errs, errors.New(
-				"ssh_bastion_password or ssh_bastion_private_key_file must be specified"))
+				"ssh_bastion_password, ssh_bastion_private_key_file or ssh_bastion_agent_auth must be specified"))
 		} else if c.SSHBastionPrivateKeyFile != "" {
 			path, err := pathing.ExpandUser(c.SSHBastionPrivateKeyFile)
 			if err != nil {
diff --git a/communicator/step_connect_ssh.go b/communicator/step_connect_ssh.go
index 652b5c4b3..fce6175f6 100644
--- a/communicator/step_connect_ssh.go
+++ b/communicator/step_connect_ssh.go
@@ -165,6 +165,8 @@ func (s *StepConnectSSH) waitForSSH(state multistep.StateBag, ctx context.Contex
 		var connFunc func() (net.Conn, error)
 		address := fmt.Sprintf("%s:%d", host, port)
 		if bAddr != "" {
+			log.Printf("[INFO] connecting with SSH to host %s through bastion at %s",
+				address, bAddr)
 			// We're using a bastion host, so use the bastion connfunc
 			connFunc = ssh.BastionConnectFunc(
 				bProto, bAddr, bConf, "tcp", address)
diff --git a/sdk-internals/communicator/ssh/connect.go b/sdk-internals/communicator/ssh/connect.go
index 80bf0a9f4..4216ec35d 100644
--- a/sdk-internals/communicator/ssh/connect.go
+++ b/sdk-internals/communicator/ssh/connect.go
@@ -2,6 +2,7 @@ package ssh
 
 import (
 	"fmt"
+	"log"
 	"net"
 	"time"
 
@@ -62,6 +63,9 @@ func BastionConnectFunc(
 			return nil, fmt.Errorf("Error connecting to bastion: %s", err)
 		}
 
+		log.Println("[DEBUG] connected to bastion host")
+		log.Println("[DEBUG] attempting connection to destination host")
+
 		// Connect through to the end host
 		conn, err := bastion.Dial(proto, addr)
 		if err != nil {