SshAgentOsxSierra

16th February 2017 at 10:49am
Apple OS X SSH TechnicalNotes

Apple's OS X operating system allows you to add your SSH private keys to the Apple keychain using the ssh-add -K command. In the past your SSH keys would then be loaded and unlocked automatically upon logging in to your computer.

With the release of OS X Sierra 10.12.2, this loading and unlocking of your SSH keys no longer happens automatically.

While you can still force your keys to be loaded on demand from the command line by executing ssh-add -A, this may be inconvenient for some.

You can restore the previous behaviour by modifying your ~/.ssh/config or /etc/ssh/ssh_config. Simply make use of the new UseKeychain and AddKeysToAgent options:

$ cat ~/.ssh/config
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa

From the ssh_config(5) man page:

UseKeychain

On macOS, specifies whether the system should search for passphrases in the user's keychain when attempting to use a particular key. When the passphrase is provided by the user, this option also specifies whether the passphrase should be stored into the keychain once it has been verified to be correct. The argument must be ``yes'' or ``no''. The default is ``no''.

AddKeysToAgent

Specifies whether keys should be automatically added to a running ssh-agent(1). If this option is set to ``yes'' and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by ssh-add(1). If this option is set to ``ask'', ssh will require confirmation using the SSH_ASKPASS program before adding a key (see ssh-add(1) for details). If this option is set to ``confirm'', each use of the key must be confirmed, as if the -c option was specified to ssh-add(1). If this option is set to ``no'', no keys are added to the agent. The argument must be ``yes'', ``confirm'', ``ask'', or ``no''. The default is ``no''.
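
To check which Host blocks in a config end up using a key with no prompt at all, the following added example (not part of the original note or of OpenSSH) parses an ssh_config-style file and reports AddKeysToAgent and UseKeychain per block. The function names and the sample config with its bastion host are constructed for illustration.

```shell
# Added example, not from the original note. Values are reported per block as
# written; "unset" means ssh takes the value from another matching block
# (such as Host *) or, failing that, the default "no" quoted above.
audit_ssh_agent_opts() {   # $1: path to an ssh_config-style file
    awk '
    function emit() {
        if (host != "(global)" || a != "" || u != "")
            printf "host=%s addkeystoagent=%s usekeychain=%s\n", host, (a == "" ? "unset" : a), (u == "" ? "unset" : u)
    }
    BEGIN { host = "(global)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # Keyword and argument are separated by whitespace and/or "=".
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
        if (key == "host" || key == "match") {
            emit(); host = (key == "match" ? "match " val : val); a = ""; u = ""; next
        }
        # ssh uses the first value obtained for an option; later repeats are ignored.
        if (key == "addkeystoagent" && a == "") a = tolower(val)
        if (key == "usekeychain" && u == "") u = tolower(val)
    }
    END { emit() }
    ' "$1"
}

# Host blocks where the passphrase comes from the keychain and the key stays in
# the agent with no confirmation step (both options set to "yes").
list_unattended_hosts() {
    audit_ssh_agent_opts "$1" |
        sed -n 's/^host=\(.*\) addkeystoagent=yes usekeychain=yes$/\1/p'
}

# Constructed sample: the Host * block is the one shown in the note above.
sample_config() {
    cat <<'EOF'
Host bastion
  AddKeysToAgent confirm
  UseKeychain yes
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
EOF
}
tmp=$(mktemp) && sample_config > "$tmp" && audit_ssh_agent_opts "$tmp"; rm -f "$tmp"
```

For the effective settings of one specific host after all matching blocks are merged, `ssh -G hostname` prints the configuration ssh would actually use.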

Sources: