First cool thing that everybody knows already: Mac OSX is based on Unix so you get ssh out of the box.

Second cool thing you may not know: OS X 10.5 actually also comes with an ssh key agent (ssh-agent). That means that, without any additional software (like PuTTY Agent on Windows…), Mac OSX can actually load an encrypted private key into memory and remember it for all subsequent connections…

Third cool thing that almost seems too good to be true: ssh-agent can store the passwords of the encrypted keys in your keychain. That means that you only have to tell it once to remember the decryption password for your key(s), like this:

ssh-add -K ~/.ssh/id_whatever_your_private_key_is

And next time you log into your Mac and try to ssh somewhere, your private key will be loaded automagically (as long as your keychain is unlocked of course).

Very groovy!!
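Storing a passphrase in the keychain only helps if the key file really is encrypted on disk. The sketch below is an added example, not part of the original post: it checks that before running the `ssh-add -K` command shown above. The function names `key_protection`, `keychain_add` and `write_samples` are hypothetical, the sample files are constructed headers rather than real keys, and a `base64` that accepts `-d` is assumed.

```shell
# Print how a private key file is protected at rest:
# "encrypted", "unencrypted" or "unknown".
key_protection() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 0; }
    case $(head -n 1 "$f") in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # openssh-key-v1 body: magic "openssh-key-v1\0", 4-byte length,
        # cipher name. Cipher "none" means the key has no passphrase.
        body=$(sed '/^-----/d' "$f" | tr -d '\r\n' | base64 -d 2>/dev/null |
               dd bs=1 count=23 2>/dev/null | tr '\000' ' ')
        case $body in
        "openssh-key-v1 "????none) echo unencrypted ;;
        "openssh-key-v1 "*)        echo encrypted ;;
        *)                         echo unknown ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;    # PKCS#8
    "-----BEGIN PRIVATE KEY-----")           echo unencrypted ;;  # PKCS#8
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then echo encrypted
        else echo unencrypted; fi ;;
    *) echo unknown ;;
    esac
}

# Hypothetical wrapper: store a passphrase in the keychain only if one exists.
keychain_add() {
    state=$(key_protection "$1")
    if [ "$state" != encrypted ]; then
        echo "refusing: $1 is $state at rest; run ssh-keygen -p -f $1" >&2
        return 1
    fi
    ssh-add -K "$1"    # the command from the post (macOS ssh-add)
}

# Constructed sample files: format headers only, no real key material.
write_samples() {
    hdr="-----BEGIN OPENSSH PRIVATE KEY-----"
    printf '%s\n' "$hdr" "$(printf 'openssh-key-v1\000\000\000\000\004none' | base64)" > "$1/clear_new"
    printf '%s\n' "$hdr" "$(printf 'openssh-key-v1\000\000\000\000\012aes256-ctr' | base64)" > "$1/enc_new"
    printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "Proc-Type: 4,ENCRYPTED" > "$1/enc_pem"
}

d=$(mktemp -d) && write_samples "$d"
for k in "$d"/*; do echo "${k##*/}: $(key_protection "$k")"; done
rm -rf "$d"
```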


Comments from long ago:

Comment from: srini

Hi,

This is regarding SSH on MAC OSx 10.6. I have a WIN and a MAC box as SSH clients. I am required to login to a SSH enabled server LINUX1 from both these MAC and WIN boxes. Now I have another LINUXJump box which can be used as an intermediate jump box to ssh to LINUX1 from either MAC or WIN hosts. I have no issues logging in using ssh from WIN and MAC directly to LINUX1 host…but when I use the LINUXJump box as an intermediate host to ssh to LINUX1…I have a problem. From WIN box (using PuTTY with Pageant), everything is fine…I am able to login to LINUX1 after getting onto the LINUXJump host. From MAC box, although I am able to ssh to LINUXJump host…but when I want to ssh to LINUX1 from LINUXJump host…I am getting an error indicating “permission denied (public key)”. I am getting similar error when I am stopping the Pageant on WIN machine and trying to ssh from WIN to LINUXJump and then to LINUX1. I observed that when Pageant is not running both the MAC and WIN have the same issue. Doesn't make sense as I can directly ssh to LINUX1 from both MAC and WIN hosts.

I ran the ssh login using verbose to see what's going on when Pageant is not running…the difference is that on WIN when Pageant is not running and on MAC all the time…once the authentication method is determined as keyboard interactive and public key…WIN machines offers public key…whereas MAC and WIN without Pageant running will skip and look for pvt key id_rsa instead which is not available on the intermediate host LINUXJump and fails. I do not understand what's going on here. I read in some forums that we can use keychain to save the pvt key password and it will pass on the password to next sessions. Tried that but didn't work.

Please let me know if you need more info. Thanks.

2010-08-28 06-55

Comment from: Jake

Worked perfectly. Thanks!

2011-01-07 18-18

Comment from: Jeff

I wouldn’t call this “amazing” necessarily…more like one of the annoying things about OSX that makes some users wish they were just on a regular Linux box.

The notion of a keychain itself is extraneous if you already have a .ssh directory for each user. Linux loads all keys from that directory “automagically” by default in its ssh client, no need to even run ssh-add.

2011-07-16 22-43

Comment from: zencoder

You saved me a lot of nerve!

2015-06-27 07-10

Comment from: Lance Ennen

THANK YOU! I was trying ssh-add without -K. This saved me too!

2017-01-25 15-10