Re: OpenSSH with Mac Keychain
Dear Rainer,

Thanks for the response. I can attest that openssh+gsskex does not support keychain, because my port installation is openssh @7.6p1_2+gsskex+kerberos5+xauth.

This puts me in a dilemma. I need for one particular remote system the gsskex support, which was removed by Apple quite some time ago. That was why I started using macports’ version in the first place. I guess the only thing I can do is to make a special alias for that remote system using the macports’ openssh, and use Apple’s version for all others. This is annoying that Apple is customizing its own ssh…

Sincerely,
Chao-Chin

> On Feb 5, 2018, at 6:55 AM, Rainer Müller wrote:
>
> On 2018-01-31 21:28, Chao-Chin Yang wrote:
>> I can continue to log into the remote system without entering again the
>> passphrase. However, once I completely log out of my Mac and re-log
>> into my Mac, the terminal does not remember my passphrase anymore.
>
> As of macOS 10.12 Sierra, this is the intended behavior:
>
> https://developer.apple.com/library/content/technotes/tn2449/_index.html#//apple_ref/doc/uid/DTS40017589
>
>> After googling around, it seems that the Mac native SSH has added a new
>> SSH keyword “UseKeychain”, while the MacPorts version does not have this
>> keyword and is having problem talking to Keychain. I cannot find any
>> solution to this.
>>
>> Does anyone know any solution or is working on one?
>
> Unfortunately, the keychain support is a custom patch by Apple that is
> not in the upstream sources. The patch will only be applied when
> installing it with the +gsskex variant, however, I have not tested it
> myself.
>
> Personally, I usually use /usr/bin/ssh because of the keychain
> integration, but I have the following lines in my ~/.ssh/config that
> stop /opt/local/bin/ssh from choking on the unknown options:
>
>   IgnoreUnknown AddKeysToAgent,UseKeychain
>   AddKeysToAgent yes
>   UseKeychain yes
>
> Hope that helps,
> Rainer
Re: OpenSSH with Mac Keychain
On 2018-01-31 21:28, Chao-Chin Yang wrote:
> I can continue to log into the remote system without entering again the
> passphrase. However, once I completely log out of my Mac and re-log
> into my Mac, the terminal does not remember my passphrase anymore.

As of macOS 10.12 Sierra, this is the intended behavior:

https://developer.apple.com/library/content/technotes/tn2449/_index.html#//apple_ref/doc/uid/DTS40017589

> After googling around, it seems that the Mac native SSH has added a new
> SSH keyword “UseKeychain”, while the MacPorts version does not have this
> keyword and is having problem talking to Keychain. I cannot find any
> solution to this.
>
> Does anyone know any solution or is working on one?

Unfortunately, the keychain support is a custom patch by Apple that is not in the upstream sources. The patch will only be applied when installing it with the +gsskex variant, however, I have not tested it myself.

Personally, I usually use /usr/bin/ssh because of the keychain integration, but I have the following lines in my ~/.ssh/config that stop /opt/local/bin/ssh from choking on the unknown options:

  IgnoreUnknown AddKeysToAgent,UseKeychain
  AddKeysToAgent yes
  UseKeychain yes

Hope that helps,
Rainer
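Added example, not part of either poster's message: a shell lint for a ~/.ssh/config shared between /usr/bin/ssh and /opt/local/bin/ssh, checking that IgnoreUnknown comes before the keywords it is meant to cover, since ssh_config(5) notes that it is not applied to unknown options that appear before it. The function name check_shared_config and both sample configs are constructed; patterns are compared as literal names and Host/Match scoping is ignored.

```shell
#!/bin/sh
# check_shared_config KEYWORD... : reads an ssh_config on stdin, returns 1 and
# reports each listed keyword used before an IgnoreUnknown line covers it.
# Simplifications (assumptions of this example): patterns are compared as
# literal names (no * or ? wildcards) and Host/Match scoping is ignored.
check_shared_config() {
    awk -v list="$*" '
    BEGIN {
        n = split(tolower(list), w, " ")
        for (i = 1; i <= n; i++) watch[w[i]] = 1
        bad = 0; seen = 0
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # Keyword and value are separated by whitespace or a single "=".
        pos = match(line, /[ \t=]/)
        key = tolower(pos ? substr(line, 1, pos - 1) : line)
        val = pos ? substr(line, pos) : ""
        sub(/^[ \t]*=?[ \t]*/, "", val)
        if (key == "ignoreunknown") {
            # ssh keeps the first value obtained for an option.
            if (!seen) {
                m = split(tolower(val), pat, ",")
                for (i = 1; i <= m; i++) { gsub(/[ \t]/, "", pat[i]); ignored[pat[i]] = 1 }
                seen = 1
            }
            next
        }
        if ((key in watch) && !(key in ignored)) {
            printf "line %d: %s appears before any IgnoreUnknown that covers it\n", NR, key
            bad = 1
        }
    }
    END { exit bad }'
}

# Constructed sample: the order given in the message above (passes) ...
good_config='IgnoreUnknown AddKeysToAgent,UseKeychain
AddKeysToAgent yes
UseKeychain yes'
# ... and the same lines with IgnoreUnknown moved to the end (flagged).
bad_config='AddKeysToAgent yes
UseKeychain yes
IgnoreUnknown AddKeysToAgent,UseKeychain'

printf '%s\n' "$good_config" | check_shared_config UseKeychain AddKeysToAgent && echo "good: ok"
printf '%s\n' "$bad_config" | check_shared_config UseKeychain AddKeysToAgent || echo "bad: flagged"
```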
OpenSSH with Mac Keychain
Hi,

I am running into an issue with OpenSSH which does not remember the passphrase of my private key. When I ssh to a remote host using public/private key authentication, a dialog box asking for the passphrase pops up. I enter the passphrase *and* tick the box to ask Keychain to remember my passphrase. After that, I can successfully log into the remote system, but there is a message: “Could not add identity: /Users/my_username/.ssh/id_rsa”.

I can continue to log into the remote system without entering again the passphrase. However, once I completely log out of my Mac and re-log into my Mac, the terminal does not remember my passphrase anymore.

After googling around, it seems that the Mac native SSH has added a new SSH keyword “UseKeychain”, while the MacPorts version does not have this keyword and is having problem talking to Keychain. I cannot find any solution to this.

Does anyone know any solution or is working on one?

==
ProductName:Mac OS X
ProductVersion: 10.12.6
BuildVersion: 16G1212
Darwin ***.***.***.edu 16.7.0 Darwin Kernel Version 16.7.0: Thu Jan 11 22:59:40 PST 2018; root:xnu-3789.73.8~1/RELEASE_X86_64 x86_64
Xcode Version 9.2 (9C40b)
MacPorts 2.4.2
openssh @7.6p1_1+gsskex+kerberos5+xauth
openssh @7.6p1_2+gsskex+kerberos5+xauth (active)
openssl @1.0.2m_0
openssl @1.0.2n_0 (active)
==

Very much appreciated.

Sincerely,
Chao-Chin Yang
Postdoctoral Scholar
Department of Physics and Astronomy
University of Nevada, Las Vegas, U.S.A.