#54286 closed defect (wontfix)
Keychain integration no longer works after upgrading to macOS Sierra
Reported by: | Feuermurmel (Michael Schwarz) | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.4.1 |
Keywords: | Cc: | ||
Port: | openssh |
Description
Some time ago, I upgraded my Mac to macOS Sierra (now on 10.12.5). Since then, openssh's integration with the keychain no longer works.
When I connect to a host using a specific key for the first time, I'm getting a dialog (see screen shot) asking me to enter the password used to decrypt the private key. There, I check Remember password in my keychain. The password is saved to the keychain, but after a reboot, the same dialog pops up again when trying to connect to a host.
```
$ port version
Version: 2.4.1
$ port installed and openssh
The following ports are currently installed:
  openssh @7.3p1_0+gsskex+kerberos5+xauth (active)
$ grep -iF key .ssh/config
VisualHostKey yes
AddKeysToAgent yes
HostKeyAlgorithms ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256
UpdateHostKeys yes
```
Please tell me if there is additional information I can provide to help debug this problem.
Attachments (1)
Change History (3)
Changed 7 years ago by Feuermurmel (Michael Schwarz)
Attachment: | Screen Shot 2017-06-05 at 02.09.22.png added |
---|
comment:1 Changed 7 years ago by raimue (Rainer Müller)
Resolution: | → wontfix |
---|---|
Status: | new → closed |
comment:2 Changed 7 years ago by Feuermurmel (Michael Schwarz)
Ahumm. This was not obvious for me. I have to use macOS' /usr/bin/ssh-add to manage the identities stored in the ssh-agent, even though I'm using MacPorts' /opt/local/bin/ssh to then use those identities. So something like this:
```
$ # Add the passwords to the user's keychain and the keys to the agent.
$ /usr/bin/ssh-add -K
Enter passphrase for /Users/michi/.ssh/id_rsa:
Identity added: [...]/.ssh/id_rsa ([...])
Identity added: [...]/.ssh/id_ed25519 ([...])
$ # After a reboot, add the keys to the agent again.
$ /usr/bin/ssh-add -A
Identity added: [...]/.ssh/id_rsa ([...])
Identity added: [...]/.ssh/id_ed25519 ([...])
$ # Connect using MacPorts' `ssh`.
$ ssh [...]
```
I just hope the versions of OpenSSH provided by macOS and MacPorts never become incompatible in a way that breaks this interaction.
The behavior was changed by Apple with macOS 10.12 Sierra. While keychain still stores the passphrase, you have to load your keys manually into ssh-agent now (ssh-add -A). This was an intentional change and is documented in TN2449.
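
The "after a reboot" step from comment:2 can be run from a login profile. The sketch below is an added example, not part of the ticket or of MacPorts. The function name `load_keychain_identities` and the profile location are assumptions, and the exit statuses of `ssh-add -l` are those given in the OpenSSH manual page.

```shell
#!/bin/sh
# Added example (not from the ticket). Source it from a login profile such
# as ~/.profile (assumed location).

# load_keychain_identities [ssh-add command]   (hypothetical helper name)
# Returns 0 if the agent already holds identities, 2 if no agent is
# reachable, 127 if the ssh-add command is missing, otherwise the exit
# status of "ssh-add -A".
load_keychain_identities() {
    # Apple's build, as in comment:2; -A is the flag shown in the ticket.
    apple_ssh_add="${1:-/usr/bin/ssh-add}"

    if ! command -v "$apple_ssh_add" >/dev/null 2>&1; then
        echo "load_keychain_identities: $apple_ssh_add not found" >&2
        return 127
    fi

    # ssh-add -l exits 0 when identities are loaded, 1 when the agent is
    # reachable but empty, and 2 when no agent can be contacted.
    list_status=0
    "$apple_ssh_add" -l >/dev/null 2>&1 || list_status=$?

    case "$list_status" in
        0)  return 0 ;;     # keys already in the agent, nothing to do
        1)  # Agent is empty (e.g. after a reboot): load the keys whose
            # passphrases are stored in the keychain.
            "$apple_ssh_add" -A >/dev/null 2>&1 ;;
        *)  echo "load_keychain_identities: no ssh-agent reachable" \
                 "(SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-unset})" >&2
            return 2 ;;
    esac
}

# Run automatically only on macOS; elsewhere the function is just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    load_keychain_identities
fi
```

Because the agent is only asked to load keys when it is empty, opening additional terminals does not trigger repeated keychain lookups.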