SVN+SSH, not having to do ssh-add every time? (Mac OS)

Asked 15/12, 2009 at 19:10 Answered 24/6, 2018 at 20:28

108

I know the answer is out there, but I'm pretty Unix-dumb and probably wouldn't recognize the solution if it hit me in the face.

I'm on a Mac, connecting to a SVN server via SSH tunneling. I have to ssh-add privateKey.txt every time I want to connect to the SVN server (Both Cornerstone and Xcode are connecting to SVN).

Is there a way to "save" the key somewhere so I don't have to do this every time? Add it to my Keychain? Some config file? Start up script?

Couthie answered 15/12, 2009 at 19:10 Comment(0)

173

First, move your private key file into ~/.ssh. This is not strictly necessary but it's the standard place for such things.

Then run ssh-add -K ~/.ssh/privateKey.txt. It'll prompt for your passphrase if necessary, then add it to your Keychain.

After that, you shouldn't have to do anything else. A slightly longer explanation is available here.

Shitty answered 16/12, 2009 at 3:18 Comment(4)

I figure it's worth noting explicitly that this is a Mac thing, not a universal Unix thing. On Ubuntu, ssh-add can't take a -K argument. – Jataka 14/1, 2014 at 14:48

I'd like to note that while the linked article is for Leopard, this still works in OS X Mavericks. – Patricia 14/5, 2014 at 14:38

For some reason when I do -K I still have the problem after restart – Building 29/9, 2016 at 21:0

Are you on macOS Sierra? The behavior has changed and you now need to explicitly add your keys to ssh-agent on login: github.com/jirsbek/SSH-keys-in-macOS-Sierra-keychain – Shitty 1/10, 2016 at 0:1

Storing Passphrases in the Keychain

To store the passphrase for your default key in the Keychain open a Terminal and run:

ssh-add -K

And to store the passphrase for a different key run:

ssh-add -K /path/to/private/key/file

When prompted for your passphrase enter it and that is it.

You will never need to run ssh-add nor enter your passphrase again.

Answer taken from this site: http://www-uxsup.csx.cam.ac.uk/~aia21/osx/leopard-ssh.html

Ike answered 26/7, 2012 at 15:49 Comment(0)

After much exploration, I think I've found the answer to this issue completely. First, make sure you do ssh-add -K ~/.ssh/your_key_here. This adds the key to your keychain. Some places, I have read that this is enough, but I wasn't certain. This is also mac-specific, so if you need to do this on another unix flavor, you won't have this option necessarily.

For good measure, I edited the ~/.ssh/config file (you may have to create it) to point to all the keys I have. Mine has the following:

IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa 
IdentityFile ~/.ssh/my_other_identity_here
IdentityFile ~/.ssh/yet_another_identity_here

According to the man page for ssh_config, it will try these in order. I'm not sure if the first three default ones I have listed need to be there, but I have included them anyway.

Merri answered 11/10, 2011 at 17:23 Comment(4)

There is no -K flag on mac os x for ssh-add – Sherrilsherrill 16/11, 2015 at 10:52

There is a -K flag on OS X for ssh-add. Additional to that, this should be the selected answer. – Sudorific 8/12, 2015 at 13:54

Make sure you use /usr/bin/ssh-add the homebrew provided /usr/local/bin/ssh-add doesn't provide the -K option. – Grater 19/9, 2016 at 12:10

Once the ~/.ssh/config is there, no need to run the ssh-add command everytime after reboot the machine. – Eulogy 16/11, 2016 at 4:30

Since macOS 10.12.2 you can use the UseKeychain option. Read more here or look into man ssh_config.

     UseKeychain
         On macOS, specifies whether the system should search for passphrases in the user's keychain
         when attempting to use a particular key. When the passphrase is provided by the user, this
         option also specifies whether the passphrase should be stored into the keychain once it has
         been verified to be correct.  The argument must be ``yes'' or ``no''.  The default is ``no''.

So just do the following:

echo "UseKeychain yes" >> ~/.ssh/config

Estreat answered 26/1, 2017 at 10:33 Comment(1)

This needs to go up. Very important! – Tour 19/6, 2017 at 14:27

I don't have much experience with macs, so not sure if this version is ok for your, but have a look at http://www.phil.uu.nl/~xges/ssh/

If this particular app doesn't work, that's what you're looking for anyways - ssh agent. On unix-like boxes, you'd want to start your whole window manager through that, to get the global effect, but it might not be possible in osx.

Some more info: http://www-uxsup.csx.cam.ac.uk/~aia21/osx/leopard-ssh.html

Assign answered 15/12, 2009 at 19:15 Comment(0)

sshkeychain is one possibility. installs fine with macports using:

sudo port install sshkeychain

it uses the keychain to store passwords, and you may simply launch it at the start-up of your login session (using at the first launch the usual right-ght click in the dock's icon + "launch at startup")

Note that Apple's svn uses keychain to store passwords but not necessarily the svn binary you would build with macports.

Phene answered 21/12, 2009 at 10:8 Comment(0)

Add your key to the keychain by running:

ssh-add -K ~/.ssh/id_rsa

and edit your ssh config (~/.ssh/config) file to automatically load keys from the key chain to the ssh-agent (AddKeysToAgent yes option) and store passphrases in the keychain (UseKeychain yes option):

Host *
 AddKeysToAgent yes
 UseKeychain yes

Archicarp answered 24/6, 2018 at 20:28 Comment(0)

Recommended topics

Hot tags