Pragmatism in the real world

SSH keys in macOS Sierra

Now that I’ve upgraded to macOS 10.12 Sierra, I noticed that SSH required me to enter the passphrase for my keys every time I used them. This was a surprise, as it’s not how 10.11 El Capitan worked.

This is how to fix it.

First, add your SSH key’s passphrase to the keychain using ssh-add -K ~/.ssh/id_rsa (or any other key file). You can now use your SSH key without re-typing the passphrase all the time, which is very handy for use with GitHub/GitLab/Bitbucket/etc.

You can add as many keys as you like and ssh-add -l will show you which keys are registered.

When you reboot, you’ll notice that ssh-add -l is empty. This is different from macOS 10.11 and earlier, which automatically re-added the keys it knew about. In Sierra, Apple has changed this so that you now need to explicitly add the known identities to the SSH agent. This is done using ssh-add -A, which you need to run every time you reboot.

To save having to do this, you can either add ssh-add -A to your ~/.bash_profile file or update your SSH config by editing ~/.ssh/config and adding:

Host *
   AddKeysToAgent yes
   UseKeychain yes

SSH will now work as expected and you’ll never need to reenter your passphrase once it has been added to the system keychain.
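One way to apply the ~/.ssh/config change above so that repeated runs do not duplicate it (an added example, not code from the original post; the function names has_global_option and ensure_keychain_config are hypothetical, and only the whitespace-separated "Option yes" form shown above is recognised):

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Succeeds if option $2 is set to "yes" for all hosts in config file $1,
# i.e. before any Host/Match line or inside a plain "Host *" block.
has_global_option() {
    awk -v want="$2" '
        BEGIN { global = 1; want = tolower(want) }
        { key = tolower($1) }                      # ssh_config keywords are case-insensitive
        key == "host"  { global = (NF == 2 && $2 == "*"); next }
        key == "match" { global = 0; next }
        global && key == want && tolower($2) == "yes" { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Appends a "Host *" block with whichever of the two options are not already
# set globally. $1 is the config path (defaults to ~/.ssh/config).
ensure_keychain_config() {
    cfg="${1:-$HOME/.ssh/config}"
    mkdir -p "$(dirname "$cfg")"
    [ -f "$cfg" ] || : > "$cfg"
    chmod 600 "$cfg"        # keep the config writable by its owner only

    missing=""
    for opt in AddKeysToAgent UseKeychain; do
        has_global_option "$cfg" "$opt" || missing="$missing $opt"
    done
    [ -n "$missing" ] || return 0   # nothing to add, leave the file untouched

    {
        printf '\nHost *\n'
        for opt in $missing; do printf '   %s yes\n' "$opt"; done
    } >> "$cfg"
}

# Apply to the real config only when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    ensure_keychain_config
fi
```

UseKeychain is specific to Apple's OpenSSH build. If the same config file is used with other OpenSSH builds, an IgnoreUnknown UseKeychain line placed before it stops them rejecting the file.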

5 thoughts on “SSH keys in macOS Sierra”

  1. "SSH will now work as expected and you'll never need to reenter your passphrase…"

    Never say never :)
