Mac OS X Leopard - Built-in SSH agent

October 28th, 2007

Leopard now comes with a built-in SSH agent. The really nice thing about it is that it integrates with your user’s Keychain. So, the first time you try to unlock your SSH key a dialog will appear asking you for its password along with an option to save that password in your Keychain.

On Tiger I was using SSHKeychain to achieve this, but it had a nasty bug where it would randomly start to consume 100% of a CPU. This chewed through my MacBook Pro’s battery, which was a pain. If you’ve been using a third-party SSH agent and want to switch to the built-in agent, make sure to check that you’re not manually setting the SSH_AUTH_SOCK environment variable, which is something I had to do to get SSHKeychain working.

If launch-services is managing your SSH agent, the value of SSH_AUTH_SOCK should look something like:

kenshin:~ scottr$ echo $SSH_AUTH_SOCK
/tmp/launch-fTiPvL/Listeners

Otherwise, check your various profile settings, and make sure your third-party agent isn’t set as a launch item. You’ll have to log out for this to take effect. Once launch-services is managing your SSH_AUTH_SOCK, logging into OS X will unlock your keychain and allow the ssh-agent to unlock your SSH keys without having to enter another password.


2 Comments

  • 1. Alan  |  November 23rd, 2007 at 1:20 pm

    If you aren’t getting the above mentioned prompt when trying to ssh into a server, it might be that your ssh-agent is not being managed by Leopard. See this website:

    http://discussions.apple.com/thread.jspa?messageID=5727320

    It fixed my issue.

  • 2. Luke Redpath  |  March 5th, 2008 at 8:36 am

    Here’s another gotcha for people who can’t get this working.

    I was struggling to work out why I could not get this working with a new MacBook (which never had SSHKeychain installed).

    The reason: I use MacPorts and had ended up installing OpenSSH via MacPorts (it was a dependency of some other lib). This resulted in a standard, non-keychain support build of ssh in /opt/local/bin, which happened to be listed in my $PATH first. Only when I ran “which ssh” did I realize what had happened.
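
The checks described in the post and in the comments above, gathered into one script as an added example (not code from the post or its commenters). The function names, the list of profile files, the socket glob generalised from the one sample path shown, and the treatment of /usr/bin/ssh as the Apple-supplied build are assumptions.

```shell
#!/bin/sh
# Added example: checks for the failure modes described on this page.

# Classify an SSH_AUTH_SOCK value. The glob generalises from the single
# sample in the post (/tmp/launch-fTiPvL/Listeners); that is an assumption.
classify_sock() {
    case "$1" in
        "")                      echo unset ;;
        /tmp/launch-*/Listeners) echo system ;;
        *)                       echo other ;;
    esac
}

# Print each given profile file that assigns SSH_AUTH_SOCK itself
# (sh-style assignment/export or csh-style setenv). Commented lines are ignored.
find_manual_overrides() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*((export[[:space:]]+)?SSH_AUTH_SOCK=|setenv[[:space:]]+SSH_AUTH_SOCK)' "$f"; then
            echo "$f"
        fi
    done
}

# Print the first executable file named ssh found on a PATH-style string.
first_ssh() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        if [ -f "${d:-.}/ssh" ] && [ -x "${d:-.}/ssh" ]; then
            IFS=$old_ifs; echo "${d:-.}/ssh"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

report() {
    sock=${SSH_AUTH_SOCK:-}; home=${HOME:-.}
    echo "SSH_AUTH_SOCK: ${sock:-<unset>} ($(classify_sock "$sock"))"
    # Profile file names are assumed common defaults; adjust for your shell.
    find_manual_overrides "$home/.profile" "$home/.bash_profile" "$home/.bashrc" "$home/.cshrc" |
        sed 's/^/manual SSH_AUTH_SOCK setting in: /'
    ssh_bin=$(first_ssh "$PATH") || ssh_bin="<none>"
    echo "first ssh on PATH: $ssh_bin"
    # /usr/bin/ssh is assumed to be the Apple-supplied, Keychain-aware build.
    [ "$ssh_bin" = /usr/bin/ssh ] || echo "warning: ssh resolves outside /usr/bin"
}

report
```

A result of "other" or "unset" for the socket, any listed profile file, or the warning line each point at one of the causes covered above.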
