I understand that since Mac OS X Leopard the Keychain has supported storing SSH keys. Could someone please explain how this feature is supposed to work.
Active2 years ago
I have some RSA keys that I've generated stored in my ~/.ssh directory for accessing various servers. I don't have passphrases set on those keys. Currently in order to log in to those servers I use the following commands in the Terminal:
If you need to get ssh keys copied from client to server but ssh-copy-id isn't an option, you'll have to go the manual route. Here's how to do it. Secure Shell is one of those tools you will. A private SSH key file that the user stores on their local devices. If a user presents their private SSH key, they can use a third-party tool to connect to any instance that is configured with the matching public SSH key file, even if they aren't a member of your Google Cloud Platform project.
![]()
(I've written some Bash functions to make this easier.)
Is there a better way to do this using the Keychain?
John Topley
John TopleyJohn Topley
69833 gold badges1313 silver badges2222 bronze badges
9 Answers
For it to work, the
$SSH_AUTH_SOCK environment variable should be pointed to /tmp/launch-xxxxxx/Listeners . This is supposed to be done automatically when you log in. The listener on that socket speaks the ssh-agent protocol.
Your bash scripts are starting your own ssh agent (spelled
ssh-agent , not ssh_agent) and overriding the existing ssh-agent that is set up for you at login.
Also, the whole point of the keychain is to store the passwords to your ssh keys, but you say that you don't have passphrases set on those keys, so I'm not sure what you are expecting out of the keychain integration.
Finally, when you first log in, you probably won't see a ssh-agent process. That process will be started automatically by launch services the first time something tries to read that socket in
/tmp .
RudedogRudedog
As of the Leopard release of OS X, ssh-agent is more tightly integrated with Keychain. It is possible to store the passphrases of all of your SSH keys securely in Keychain, from which ssh-agent will read them on startup. The bottom line is that it is simple to secure your keys with passphrases, but never have to type the passphrase to use them! Here is how:
Add the pass phrase to each ssh key to keychain: (option -k loads plain private keys only, skips certificates)
(note that's a capital K)
Find Ssh Key Windows
Whenever you reboot your Mac, all the SSH keys in your keychain will be automatically loaded. You should be able to see the keys in the Keychain Access app, as well as from the command line via:
jeffmccjeffmcc
2,63122 gold badges1010 silver badges33 bronze badges
As of macOS Sierra, ssh-agent no longer auto-loads previously loaded ssh keys when you log in to your account. This is intentional on Apple part, they wanted to re-align with the mainstream OpenSSH implementation. [1]
As explained here, this is the recommended method since macOS 10.12.2:
The following is deprecated (kept for reference).
To go back to the previous behavior, you'd want to run the
ssh-add -A command (which auto-loads all the ssh keys that have pass-phrases on your keychain) when you log in. To do that, follow these steps:
And you should be all set.
Community♦
Ricardo Sanchez-SaezRicardo Sanchez-Saez
1,03011 gold badge99 silver badges1818 bronze badges
Default location to install gimp 2.8.22 user manual mac ox x. There is a simpler way than Ricardo's answer to persist your password between sessions/restarts of your Mac running 10.12 Sierra.
Apple purposely changed the behaviour for ssh-agent in macOS 10.12 Sierra to no longer automatically load the previous SSH keys, as noted in this OpenRadar, Twitter discussion, and Technical Note from Apple. The solution above will mimic the old behaviour of El Capitan and remember your password.
Community♦
ChrisJFChrisJF
How to manual shut down mac book pro. Note: for macOS Sierra, please refer to the more recent answer by ChrisJF.
The [answer by Jeff McCarrell][2] is correct, except that the command to add the pass phrase contains an en dash instead of a hyphen, i.e. Intertherm furnace mac 1165 manual.
–K instead of -K , causing a message to the effect of –K: No such file or directory .It should read:
simonairsimonair
I suspect you aren't using the default
ssh command. Do you have ssh installed via ports? Try which ssh to see which ssh command you are using.
Usually it should display a dialog box asking for you password, if it isn't already stored in you keychain.
OllyOlly
47133 gold badges66 silver badges1010 bronze badges
I had a similar problem while trying to login using a client ssh cert. In this specific case it was for accessing a git repository. This was the situation:
When I connected to remote mac using remote desktop, I didn't have a problem. However when connecting with SSH to the remote mac, I was asked for the ssh passphrase every time. The following steps solved it for me.
orkodenorkoden
See also:
.. adding this note as more detail was requested: the 'security' command is capable of importing keys (and other things) directly into Keychains. The nice thing is that unlike ssh-add, you are able to specify the keychain. This makes it possible to import directly into the system Keychain ('man security' to learn how)
Mac Ssh Key Location
xaphodxaphod
The best and Apple intended solution (since macOS 10.12.2) is described here
Mac Os Create Ssh Key
So just do the following:
Find Ssh Key In Mac Manual 2017
echo 'UseKeychain yes' >> ~/.ssh/config
Community♦
BenBen
Find Ssh Key In Mac Manual FreeNot the answer you're looking for? Browse other questions tagged macossshkeychain or ask your own question.Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |