I installed openssh 8.2 via brew install openssh. I added the following to my .profile:
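# Fixed per-host agent socket. $HOME is used because ~ is not expanded inside double quotes.
export SSH_AUTH_SOCK="$HOME/.ssh/agent.$HOST.sock"
# ssh-add exits with status 2 when it cannot contact the agent.
ssh-add -l 2>/dev/null >/dev/null
if [ $? -ge 2 ]; then
    # No agent is listening on the socket, so start one bound to it.
    ssh-agent -a "$SSH_AUTH_SOCK" >/dev/null
fi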
And, then I have to do the following:
ssh-add ~/.ssh/id_ecdsa_sk
Enter passphrase for /Users/myuser/.ssh/id_ecdsa_sk:
Identity added: /Users/myuser/.ssh/id_ecdsa_sk
even though I have the following in my ~/.ssh/config:
Host *
    IgnoreUnknown UseKeychain
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_ecdsa_sk
(I had to add the IgnoreUnknown bit, because the install from brew installs a version that breaks the UseKeychain bit.) But now: How do I wire it up so it adds the key to my keychain?
Best Answer
Keychain integration is a feature added by Apple that is not in the standard release of OpenSSH. As you have now installed the standard OpenSSH release from HomeBrew, you won't have this functionality anymore. You have discovered this as the UseKeychain option now gives configuration errors - adding the IgnoreUnknown configuration only makes the error message go away, it won't actually bring back any functionality.
In order to get Keychain integration, you will want to uninstall the HomeBrew version of OpenSSH and use the version supplied by Apple.
The version in HomeBrew will not for the foreseeable future have Keychain integration - it's not that they can't make it work at all, but rather that they have found the implementation that was made to be too big a risk for the project, as it's a big change that doesn't come from the OpenSSH project itself. You can read about that discussion here.
If you look at the link, you'll see that you can still download the old patch, and try that out if you like. However, as it is no longer maintained, it is a security risk.
Similarly you can download a third party mod to add Keychain support here. However that hasn't been updated since 2017 it seems, and as such would also be a security risk.
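One way to check which ssh client a shell resolves to and whether it actually parses UseKeychain, rather than having IgnoreUnknown hide the failure. This is an added example, not part of the original question or answer; the function names are hypothetical, and /usr/bin/ssh as the location of the Apple-supplied client is an assumption.

```shell
#!/bin/sh
# Added example: report whether an ssh client honors the UseKeychain option.
# supports_usekeychain and report_ssh_clients are hypothetical helper names.

# Returns 0 if the client accepts UseKeychain, 1 if it rejects the option,
# 2 if the given path is not an executable file.
supports_usekeychain() {
    ssh_bin=$1
    [ -x "$ssh_bin" ] || return 2
    # -G parses the configuration and prints it; no connection is made.
    # -F /dev/null skips ~/.ssh/config so IgnoreUnknown cannot mask the error.
    if "$ssh_bin" -F /dev/null -G -o UseKeychain=yes localhost >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

report_ssh_clients() {
    # Check the client the shell finds first on PATH, then the system one.
    # /usr/bin/ssh as the Apple-supplied path is an assumption.
    for bin in "$(command -v ssh 2>/dev/null)" /usr/bin/ssh; do
        [ -n "$bin" ] || continue
        rc=0
        supports_usekeychain "$bin" || rc=$?
        case $rc in
            0) echo "$bin: UseKeychain accepted" ;;
            1) echo "$bin: UseKeychain rejected; IgnoreUnknown would only hide this" ;;
            *) echo "$bin: not an executable file" ;;
        esac
    done
}

report_ssh_clients
```

If the first line reports a rejection and the second an acceptance, the brew-installed client is shadowing the system one on PATH.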