pauljohn32

Reputation: 2265

Macintosh Git SSH key setup

I use Linux, I help some students that have Macintosh. I can coach them through the command line part, but on some Mac setup things I'm helpless.

On a Macintosh, we follow instructions here https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent. We are able to generate SSH keys, upload the public part, and then we can interact with GitHub. We are able to accomplish the same in GitLab servers or BitBucket.

Here is a part I don't understand. In the newer Mac OS, the user accounts don't have ssh-agent launched within each session and the user key is not remembered. As far as I can tell, when a user wants to interact with GitHub or some other Git remote using ssh protocols, it is necessary to run these two lines in the terminal:

$ eval "$(ssh-agent -s)"
$ ssh-add -K ~/.ssh/id_rsa

That's tedious, but as far as I can see it is the state of the Mac world. https://github.com/lionheart/openradar-mirror/issues/15361. This is somewhat inconvenient. Even if we put them in a shell script, not awesome.

I'd like to put the same in the shell configuration, but I don't know how.

Linux systems always start ssh-agent for us and we never notice this inconvenience, I gather.

I have asked several more senior Mac users and they say they don't see this problem, that Git and SSH keys just work. I'm trying to find out what is different in their systems. My best guess so far is that they created keys without any passphrases, in which case the thing might work without ssh-agent. I'll ask one of them to try that and see.

If you have other ideas about what to do, I'd appreciate ideas.

Upvotes: 5

Views: 4641

Answers (1)

Ashutosh Jindal

Reputation: 18867

Solution 1: Autoloading keys from keychain to ssh-agent on startup

Try creating the following LaunchAgent to auto-load all keys. For instance, dump the following in ~/Library/LaunchAgents/auto-load-key.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ssh-add-a</string>
    <key>ProgramArguments</key>
    <array>
        <string>ssh-add</string>
        <string>-A</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

Solution 2: (Requires recent versions of openssh) Use AddKeysToAgent SSH config option

Also note that, based on this, with recent versions (>=7.2) of openssh, it is possible to use the following configuration in ~/.ssh/config to do the equivalent of above:

Host *
 AddKeysToAgent yes

This is also worth a read since the accepted answer mentions that the AddKeysToAgent option results in the older OSX behaviour (i.e. passphrase stored until logout or restart).

Upvotes: 4
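
Solution 2 applied as an idempotent shell function, as an added example that is not part of the original answer; `ensure_add_keys_to_agent` is a hypothetical helper name. It creates the config with owner-only permissions if it is missing and leaves any existing `AddKeysToAgent` line untouched, because ssh uses the first value it obtains for an option.

```shell
# Added example: enable AddKeysToAgent in an ssh client config, idempotently.
# ensure_add_keys_to_agent is a hypothetical helper name; the default path
# ~/.ssh/config is the one named in the answer above.
ensure_add_keys_to_agent() {
    cfg="${1:-$HOME/.ssh/config}"
    dir=$(dirname "$cfg")

    # Create the directory and file readable/writable by the owner only.
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    [ -e "$cfg" ] || ( umask 077 && : > "$cfg" ) || return 1
    chmod 600 "$cfg" || return 1

    # Option names are case-insensitive and may be written "Key value" or
    # "Key=value". ssh takes the first value it obtains, so an existing line
    # is reported for the user to review rather than overridden.
    existing=$(grep -i -E '^[[:space:]]*AddKeysToAgent([[:space:]]|=)' "$cfg" | head -n 1)
    if [ -n "$existing" ]; then
        echo "already set: $(echo "$existing" | sed 's/^[[:space:]]*//')"
        return 0
    fi

    # No setting anywhere in the file: append the catch-all block.
    printf '\nHost *\n AddKeysToAgent yes\n' >> "$cfg" || return 1
    echo "added"
}
```

Called with no argument it edits `~/.ssh/config`; an "already set" result with a value other than `yes` means that line has to be changed by hand.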
