Using An SSH Agent In Mac OS X

SSH agent allows a user to enter their passphrase(s) for unlocking various SSH keys once at the start of a session to unlock the keys and from then on for the duration of the session the user no longer has to enter the pass phrase(s).

Conventionally setting up SSH agent for use is a bit of a pain as it has to be run before the user session is started.

Mac OS X Leopard modifies SSH agent so that it is started via the Mac OS X launchd service on demand (i.e. it will be launched on first use).

Going even further, Mac OS X Leopard modifies the SSH tools to support storing the pass phrases in the user's Keychain. This means that if the user chooses to store their pass phrase(s) in the Keychain they never need to enter their pass phrase again once they have added it to their Keychain.

Enabling SSH Agent To Launch On Demand

This is important only if you're on Mac OS X Leopard 10.5.1 or below. If you're on anything newer, you no longer need to do this, so feel free to skip this step and go straight onto Storing Passphrases in the Keychain below.

To enable SSH agent starting automatically on demand (this happens by integrating SSH agent with launchd) you need to open a terminal and run:

$ sudo touch /var/db/useLS

Then you need to reboot. (Yes, you really need to reboot, there is no way around it!)

From now on, whenever you cause something needing the SSH agent to run, the SSH agent will automatically be launched if it is not running already.

Storing Passphrases in the Keychain

To store the passphrase for your default key in the Keychain open a Terminal and run:

$ ssh-add -K

And to store the passphrase for a different key run:

$ ssh-add -K /path/to/private/key/file

When prompted for your passphrase enter it and that is it.

You will never need to run ssh-add nor enter your passphrase again.