Leopard finally supporting ssh-agent at login
In previous iterations of the feline OS we had to rely on SSHKeyChain in order to get a working ssh-agent setup that was global to all applications and not only for the current bash instance.
With Leopard the environment variable $SSH_AUTH_SOCK is set automatically, and the ssh-agent is managed by launchd (I think). SSHKeyChain may still prove useful for setting up tunnels, but I see no point in waiting for yet another application to start at login.
If you have been using SSHKeyChain you must remember to go into it’s Preferences and Uncheck the “Manage (and modify) global environment variables” ticker, otherwise SSHKeyChain will override the OS settings – even if it’s not running.
The actual adding of ssh keys is a bit non-intuitive for people used to doing ssh-add. Just using ssh-add <keyfile> will only add the keyfile to the current session. If you want to never type your passphrase again, but let ssh-agent get your passphrase from Keychain every time you try to use the ssh key/identoty file you need to have a few things in place:
* Your <identity>.pub must be present in the remote accounts $HOME/.ssh/authorized_keys file
* You may use this syntax from the command line to add the key: ssh -i <identity file> user@host . I guess you may do this from the Keychain Access application in some way too, but I was not able to find out how. There must be a slicker way.
So, I used this command in my terminal to add my “lolcats” private key/identity to my Keychain:
ssh -i lolcats firstname.lastname@example.org
And up came this dialog window, voilá: