_kud's tech blog

Every time you want to use ssh, macOS asks you your passphrase? This is the fix.

Since Sierra (macOS), I've got this annoying question when I want to connect to a server via ssh:

1$ ssh kud.io
2Enter passphrase for key '/Users/kud/.ssh/id_rsa':

It asks you your passphrase.

Ugh? Usually it is saved in Keychain. But it doesn't work anymore.

However, there's a solution not to have to $ ssh-add -K every time you start a shell and want to connect with ssh.

Just add these lines to your ~/.ssh/config line and it forces the SSH daemon to use Keychain.

1Host *
2 UseKeychain yes
3 AddKeysToAgent yes

The reason is that the latest updates comes bundled with an updated OpenSSH package that changes some default behaviour.

1Prior to macOS Sierra, ssh would present a dialog asking for your passphrase and
2would offer the option to store it into the keychain. This UI was deprecated
3some time ago and has been removed. Instead, a new UseKeychain option was
4introduced in macOS Sierra allowing users to specify whether they would like for
5the passphrase to be stored in the keychain. This option was enabled by default
6on macOS Sierra, which caused all passphrases to be stored in the keychain. This
7was not the intended default behavior, so this has been changed in macOS
810.12.2. OpenSSH updates in macOS 10.12.2