Answers to this question explain how to have SSH passphrases added to the keychain when they are entered. Having recently upgraded from a previous version of OSX, I'm used to the passphrases being stored in memory but not in persistent storage. If setting UseKeychain yes causes passphrases to be stored to disk, is there a way to prevent this? IE I'd like to avoid having to re-enter them except after having rebooted. It seems less than ideal to store a passphrase in a location protected with a potentially less secure password.
Storing SSH passphrase in memory but not saving it to the keychain persistently
keychainssh
Related Question
- MacOS 10.12 Sierra will not forget the ssh keyfile passphrase
- I don’t know the SSH key passphrase cause Keychain managed it (pre-Sierra). What do I do now
- Recover SSH private key passphrase from keychain
- SSH with key passphrase not working
- MacOS – How to disable SSH passphrase keychain saves in OS X Sierra
- MacOS – How to find the passphrase in the keychain after adding it with ssh-add -K
Best Answer
Set
UseKeychain no(the default) and runssh-addwithout the-Koption.Note that this does not store the pass phrase in memory; instead, it causes
ssh-agentto keep the decrypted key in memory, and subsequent uses ofsshwill then work without the need to supply the pass phrase.If you already have the pass phrase stored in the keychain, you'd need to use the
Keychain Accessapplication to find the pass phrase and delete it.