Ssh-add is not persistent between reboots

osx, ssh, ssh-agent

I added an SSH key to the agent by:

$ ssh-add ~/.ssh/id_rsa_mac
Identity added: /Users/alex/.ssh/id_rsa_mac (/Users/alex/.ssh/id_rsa_mac)

After a reboot the agent doesn't have this key added anymore:

$ ssh-add -l
The agent has no identities.

Why did this happen?

Best Answer

The addition of keys to the agent is transient. They last only so long as the agent is running. If you kill it or restart your computer they're lost until you re-add them again. From the ssh-agent man page:

ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).

The agent initially does not have any private keys. Keys are added using ssh-add(1). When executed without arguments, ssh-add(1) adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks for the passphrase on the terminal if it has one or from a small X11 program if running under X11. If neither of these is the case then the authentication will fail. It then sends the identity to the agent. Several identities can be stored in the agent; the agent can automatically use any of these identities. ssh-add -l displays the identities currently held by the agent.

macOS Sierra

Starting with macOS Sierra 10.12.2, Apple has added a UseKeychain config option for SSH configs. You can activate this feature by adding UseKeychain yes to your ~/.ssh/config.

Host *
  UseKeychain yes

OSX Keychain

I do not use OSX but did find this Q&A on SuperUser titled: How to use Mac OS X Keychain with SSH keys?.

I understand that since Mac OS X Leopard the Keychain has supported storing SSH keys. Could someone please explain how this feature is supposed to work?

So from the sound of it you could import your SSH keys into Keychain using this command:

$ ssh-add -K [path/to/private SSH key]

Your keys should then persist from boot to boot.

Whenever you reboot your Mac, all the SSH keys in your keychain will be automatically loaded. You should be able to see the keys in the Keychain Access app, as well as from the command line via:

  ssh-add -l

Source: Super User - How to use Mac OS X Keychain with SSH keys?
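
The following check is an added example, not part of the original answer: it reads an ssh client config and reports whether `UseKeychain` applies to every host (global section or a `Host *` block). It also looks at `AddKeysToAgent` and `IgnoreUnknown`, two real ssh_config options the page does not mention: the first makes ssh hand a key to the agent on first use, the second lets non-Apple OpenSSH builds skip `UseKeychain` instead of aborting with a bad-option error. The function names are hypothetical, and `Include` and `Match` directives are assumed absent.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: Include files are not followed; Match blocks are treated as
# host-specific and skipped.

# effective_option FILE KEYWORD
# Prints the first value of KEYWORD that applies to all hosts, lowercased.
# ssh uses the first value it obtains for each option, so the first hit wins.
effective_option() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        BEGIN { global = 1 }                 # lines before any Host apply to all
        /^[ \t]*#/ { next }                  # comment
        /^[ \t]*$/ { next }                  # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "host") {
                global = 0
                for (i = 2; i <= n; i++) if (f[i] == "*") global = 1
                next
            }
            if (key == "match") { global = 0; next }
            if (global && key == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# keychain_audit FILE
# Returns 0 only when both UseKeychain and AddKeysToAgent are "yes" for all
# hosts; prints one line per finding. The position of IgnoreUnknown relative
# to UseKeychain is not checked.
keychain_audit() {
    uk=$(effective_option "$1" UseKeychain)
    ak=$(effective_option "$1" AddKeysToAgent)
    iu=$(effective_option "$1" IgnoreUnknown)
    rc=0
    [ "$uk" = yes ] || { echo "UseKeychain is not 'yes' for all hosts"; rc=1; }
    [ "$ak" = yes ] || { echo "AddKeysToAgent is not 'yes' for all hosts"; rc=1; }
    case "$iu" in
        *usekeychain*) ;;
        *) echo "note: no 'IgnoreUnknown UseKeychain'; non-Apple ssh rejects this file" ;;
    esac
    return $rc
}
# Usage: keychain_audit ~/.ssh/config
```

Storing the passphrase in the login keychain means anyone with an unlocked session can use the key without being prompted, so the audit is also a quick way to see which machines have opted into that trade-off.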
