How to disable SSH passphrase keychain saves in OS X Sierra

I like having my SSH passphrase stored for the duration of my MacBook session, so that I don't have to keep entering it every time I SSH into a server, but when I restart my computer I want to have to enter it again (I don't want my passphrase encrypted and stored on disk in the keychain). This wasn't the case until I upgraded from Mountain Lion to Sierra; ever since then, it has been permanently storing my passphrase in my keychain. I can open the keychain preferences and delete my SSH passphrase, but the next time I SSH into a server and it prompts me for my passphrase, it is immediately added to the keychain again.

How can I get back to what I had with mountain lion, where my passphrase would be stored for the duration of my MacBook session, but then I would need to reenter it the next time I turn my MacBook on again.


Solution 1:

There is a new option UseKeychain in Sierra, which defaults to yes and which is a reason for this behavior. If you do not like that, edit the configuration in ~/.ssh/config (or create this file):

UseKeychain no
AddKeysToAgent yes

The second option will tell the SSH agent to store the keys, which has the same result as if you had used ssh-add to enter your passphrase beforehand.