Two weeks ago Apple released macOS Sierra 10.12.2. Departing from my usual modus operandi, I’ve been lagging this time around, and just updated my work machine this morning, only to find that
ssh-agent was no longer remembering my passphrases.
After some confusion, I discovered that 10.12.2 brought updates to OpenSSH that changed some of the relevant behaviors. While this appears to overall be a Good Thing™, it did break my workflow for a bit.
That said, the fix is pretty simple:
# ~/.ssh/config UseKeychain yes AddKeysToAgent yes
What’s the Deal?
Two distinct changes were introduced that the above config addresses.
UseKeychain yes tells
ssh-agent to store passphrases in the iCloud Keychain. This was the default before, but seemingly unintentionally. There used to be a system dialog
ssh would present when asking for the passphrase that enabled the user to store it in the Keychain, but the UI was deprecated and removed. The
UseKeychain option was introduced to enable configuration of this behavior, and was enabled by default on Sierra, but 10.12.2 disabled it, which was always supposed to be the case.
AddKeysToAgent yes tells
ssh-agent to automatically load keys. It’s now disabled by default to match the upstream OpenSSH behavior.
The above (and more) can be found on Apple’s developer site.