How can I disable SSH KeychainIntegration in OS X Mavericks?

macos keychain ssh

Based on the source code for the current version of SSH that's shipping with Mavericks (located here), it appears that the functionality of the config option KeychainIntegration has not yet been implemented. I'm making this assumption based on the contents of openssh/readconf.h, which does not reference the KeychainIntegration option. It does, however, reference the askpassgui option. Checking the "keywords" struct in that file does indeed show that the keychainintegration option is not present (which in turn implies that the oBadOption (NULL) op code would be returned).

Another clue implying that the functionality you desire is not implemented in the way the man page specifies is the file: openssh/keychain.c. The source code actually shows that the defaults system (i.e., Property List files) is being used to store settings related to KeychainIntegration. Specifically, lines from the store_in_keychain function reference KeychainIntegration:

/* Bail out if KeychainIntegration preference is -bool NO */
if (get_boolean_preference("KeychainIntegration", 1, 1) == 0) {
    fprintf(stderr, "Keychain integration is disabled.\n");
    goto err;
}

Here is the corresponding get_boolean_preference function. Note that it's using CFPreferencesCopyAppValue to obtain a boolean from the "org.openbsd.openssh" application identifier:

#if defined(__APPLE_KEYCHAIN__)

static int get_boolean_preference(const char *key, int default_value,
int foreground)
{
int value = default_value;
CFStringRef keyRef = NULL;
CFPropertyListRef valueRef = NULL;

keyRef = CFStringCreateWithCString(NULL, key, kCFStringEncodingUTF8);
if (keyRef != NULL)
    valueRef = CFPreferencesCopyAppValue(keyRef,
        CFSTR("org.openbsd.openssh"));
if (valueRef != NULL)
    if (CFGetTypeID(valueRef) == CFBooleanGetTypeID())
        value = CFBooleanGetValue(valueRef);
    else if (foreground)
        fprintf(stderr, "Ignoring nonboolean %s preference.\n", key);

if (keyRef)
    CFRelease(keyRef);
if (valueRef)
    CFRelease(valueRef);

return value;
}

#endif

This might imply that you can disable the KeychainIntegration functionality for yourself by performing this defaults command:

defaults write org.openbsd.openssh KeychainIntegration -bool NO

or to set it for all users:

sudo defaults write /Library/Preferences/org.openbsd.openssh KeychainIntegration -bool NO

Related

How to sync passwords between Chrome and iCloud Keychain
Can my Mac be a wireless speaker?
How do I stop mail from automatically trash meeting invitations?
Remove the Notification Center icon from the Menu Bar
Macbook Air - battery drains while sleeping (but not when shut down)
Only show active windows in the current space in Mac OSX when pressing CMD-Tab
Can i change the default Mac App Store install folder?
Scheduled job not running to completion; event logged with return code 3762504530
Possible to add basic HTTP access authentication via HAProxy?
Netstat continuous refresh (watch changes the output)
How can I list MACs, Ciphers and KexAlogrithms supported by my ssh server?
How to configure Tomcat to only listen to 127.0.0.1?