jirsbek / ssh-keys-in-macos-sierra-keychain
Saving SSH keys in macOS Sierra keychain
Ok, so I recently upgraded to High Sierra and ran into this fun little issue about SSH keys no longer being saved to the keychain or automatically being added to the ssh-agent...
I have read dozens and dozens of articles, blogs and forum posts and I have tried everything they have suggested to no avail. No matter what I do, whenever I reboot, I am forced to manually run: ssh-add -K ~/.ssh/id_rsa and then manually enter my passphrase, even though my ~/.ssh/config file contains the UseKeyChain yes and AddKeysToAgent yes, and I can see my ssh key and passphrase saved to my login keychain.
I tried to create a .plist file to run ssh-add -A on startup, but I always get the error message: No identity found in the keychain even though I can see it when I run ssh-add -l:
JBARKER-01:~ joshua.barker$ ssh-add -l
2048 SHA256:<xxx> /Users/joshua.barker/.ssh/id_rsa (RSA)
JBARKER-01:~ joshua.barker$ ssh-add -A
No identity found in the keychain.
~/.ssh/config
JBARKER-01:~ joshua.barker$ cat ~/.ssh/config
Host *
    IdentityFile ~/.ssh/id_rsa
    UseKeyChain yes
    AddKeysToAgent yes
Host localhost
    UseKeyChain yes
    AddKeysToAgent yes
    HostName localhost
    IdentityFile ~/.ssh/localhost_id_rsa
Host 0.0.0.0
    UseKeyChain yes
    AddKeysToAgent yes
    HostName 0.0.0.0
    IdentityFile ~/.ssh/localhost_id_rsa
I am currently on Mac OSX High Sierra 10.13.4 (17E202) and have OpenSSH_7.6p1, LibreSSL 2.6.2.
As best I can tell, either the SSH agent or the OS is ignoring that the SSH key is stored in my keychain and/or is ignoring my config settings.
I have tried everything I can think of... any help would be greatly appreciated... Thanks!
Hi,
If you install a more recent SSH version via (e.g.) brew one might get the:
$ ssh-add -K
ssh-add: illegal option -- K
Pass the full path to ssh-add (/usr/bin/ssh-add) to work around this problem.
When using agent forward to connect with one key to a bastion server and then with different keys to other servers the sequence of keys in the ssh_config file is important.
e.g.:
Host *
    IdentityFile ~/.ssh/KEY_1.pem
    IdentityFile ~/.ssh/KEY_2.pem
    IdentityFile ~/.ssh/KEY_3.pem
    AddKeysToAgent yes
    UseKeychain yes
    ForwardAgent yes
If the first server I am connecting to already authenticates with KEY_1.pem the others do not get added to the ssh-agent. To achieve that I had to switch the order to:
Host *
    IdentityFile ~/.ssh/KEY_2.pem
    IdentityFile ~/.ssh/KEY_3.pem
    IdentityFile ~/.ssh/KEY_1.pem
    AddKeysToAgent yes
    UseKeychain yes
    ForwardAgent yes
which then allowed me to have all 3 identities added to the ssh agent.
So I'd recommend adding a note, that in case you have more than 3 identities, you'll need to use solution number 2.
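A check for the `Host *` blocks with `ForwardAgent yes` shown in the agent-forwarding comment above, which forward the agent to every host the block matches. This is an added example, not code from the thread; the sample files and the host name bastion.example.com are constructed.

```shell
#!/bin/sh
# Added example: flag ssh_config blocks that forward the agent to every host.

# audit_forward_agent FILE
# Prints one finding per wildcard Host block (or the top of the file, which
# applies to all hosts) where ForwardAgent resolves to "yes"; returns 1 if any.
# Keywords are case-insensitive and "Key value" / "Key=value" both parse.
audit_forward_agent() {
    awk '
        function flush() {
            if (fwd && host ~ /[*?]/) {
                printf "line %d: ForwardAgent yes under Host %s\n", line, host
                found = 1
            }
        }
        BEGIN { host = "* (top of file)" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            sub(/^[ \t]+/, "")
            if (!match($0, /[ \t=]+/)) next    # keyword without an argument
            key = tolower(substr($0, 1, RSTART - 1))
            val = substr($0, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host" || key == "match") {
                flush()
                host = (key == "host") ? val : ""   # Match blocks are skipped
                fwd = 0; seen = 0
            } else if (key == "forwardagent" && !seen) {
                seen = 1                       # ssh keeps the first value obtained
                if (tolower(val) == "yes") { fwd = 1; line = FNR }
            }
        }
        END { flush(); exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample files; bastion.example.com is a placeholder host name.
demo() (
    dir=$(mktemp -d)
    printf 'Host *\n  IdentityFile ~/.ssh/KEY_2.pem\n  UseKeychain yes\n  ForwardAgent yes\n' > "$dir/wildcard"
    printf 'Host bastion.example.com\n  ForwardAgent yes\nHost *\n  UseKeychain=yes\n' > "$dir/scoped"
    audit_forward_agent "$dir/wildcard" || echo "wildcard: flagged"
    audit_forward_agent "$dir/scoped" && echo "scoped: clean"
    rm -rf "$dir"
)
demo
```

Scoping `ForwardAgent yes` to the bastion's own Host block keeps the keychain and agent settings global while the agent socket is only exposed to the one host that needs it.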
I would like to make a formal request for an updated version of this wonderfully made and well thought out little "shin dig" as they say in the lower projects of south queens -101 degrees + 42 lat. +/-24.43m
It looks like from http://testequals.com/2016/09/09/macos-sierra-10-12-ssh-keys/ Update 2, that this is now all that is needed to add keys back to the Keychain:
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/[your-private-ssh-key-name]
Just in case anyone comes across this, I have found that I had to delete my old keychain entries with ones that referenced their absolute paths. e.g.
ssh-add -d -K .ssh/keyfile
ssh-add -K /Users/me/.ssh/keyfile
If you are seeing the "Bad configuration option: usekeychain" error during a git command, it may be because Git isn't running the Apple-installed version of SSH. To ensure that you know which version of ssh is called from git, set an environment variable:
GIT_SSH="/usr/bin/ssh"
More generally, any wrapper of SSH could cause this kind of error. So I'd suggest checking which SSH binary is actually called.
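One way to check which SSH binary Git actually calls and whether it understands UseKeychain, as the comment above suggests. This is an added example, not code from the thread; the function names and the host name probe.invalid are assumptions made here.

```shell
#!/bin/sh
# Added example: find the ssh binary Git would run and probe it for UseKeychain.

# Print the ssh program Git will use. Git consults GIT_SSH_COMMAND, then
# core.sshCommand, then GIT_SSH, and falls back to "ssh" on PATH.
git_ssh_binary() (
    if [ -n "${GIT_SSH_COMMAND:-}" ]; then
        cmd=${GIT_SSH_COMMAND%% *}              # first word of the command line
    elif cmd=$(git config --get core.sshCommand 2>/dev/null) && [ -n "$cmd" ]; then
        cmd=${cmd%% *}
    elif [ -n "${GIT_SSH:-}" ]; then
        cmd=$GIT_SSH
    else
        cmd=ssh
    fi
    # Resolve through PATH so an ssh that shadows /usr/bin/ssh becomes visible.
    command -v "$cmd" 2>/dev/null || printf '%s\n' "$cmd"
)

# Return 0 if the binary parses UseKeychain. "ssh -G" prints the resolved
# configuration and exits without connecting; -F /dev/null keeps the user's
# config out of the probe. probe.invalid is a placeholder host name.
supports_usekeychain() {
    "$1" -G -F /dev/null -o UseKeychain=yes probe.invalid >/dev/null 2>&1
}

# Report the binary Git would run and whether it accepts the option.
check_git_ssh() (
    bin=$(git_ssh_binary)
    if supports_usekeychain "$bin"; then
        echo "$bin: accepts UseKeychain"
    else
        echo "$bin: rejects UseKeychain (or is too old for ssh -G)"
        exit 1
    fi
)

check_git_ssh || true
```

If the probe reports a rejection, either point GIT_SSH at /usr/bin/ssh as described above, or put `IgnoreUnknown UseKeychain` ahead of the option in ~/.ssh/config so OpenSSH builds without keychain support skip it.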
Can't the same effect be accomplished by just specifying this at the top of the config file:
AddKeysToAgent=yes
UseKeychain=yes
Seems to be working for me, even though I haven't rebooted yet.