Answers to this question explain how to have SSH passphrases added to the keychain when they are entered. Having recently upgraded from a previous version of OSX, I'm used to the passphrases being stored in memory but not in persistent storage. If setting UseKeychain yes
causes passphrases to be stored to disk, is there a way to prevent this? IE I'd like to avoid having to re-enter them except after having rebooted. It seems less than ideal to store a passphrase in a location protected with a potentially less secure password.
Storing SSH passphrase in memory but not saving it to the keychain persistently
keychainssh
Related Question
- MacOS 10.12 Sierra will not forget the ssh keyfile passphrase
- I don’t know the SSH key passphrase cause Keychain managed it (pre-Sierra). What do I do now
- Recover SSH private key passphrase from keychain
- SSH with key passphrase not working
- MacOS – How to disable SSH passphrase keychain saves in OS X Sierra
- MacOS – How to find the passphrase in the keychain after adding it with ssh-add -K
Best Answer
Set
UseKeychain no
(the default) and runssh-add
without the-K
option.Note that this does not store the pass phrase in memory; instead, it causes
ssh-agent
to keep the decrypted key in memory, and subsequent uses ofssh
will then work without the need to supply the pass phrase.If you already have the pass phrase stored in the keychain, you'd need to use the
Keychain Access
application to find the pass phrase and delete it.