Use OpenSSH agent instead of the OSX agent

homebrew ssh launchd

Solution 1:

ssh-agent, the system builtin one, is run as a system daemon started by /System/Library/LaunchAgents/com.openssh.ssh-agent.plist. Cause the service plist is located in /System/Library/LaunchAgents, it mean it's impossible to disable it unless you break SIP, which is not recommended.

The macOS version ssh-agent is built with additional KeyChain support compared with the standard one. The best solution is to use the keychain.

First, uninstall the homebrew-installed SSH, brew uninstall openssh.

Secondly, configure the SSH to use password from Keychain.

Host *
AddKeysToAgent yes
# use the password stored in keychain
UseKeychain yes
IdentityFile ~/.ssh/id_rsa

Thirdly, add the key and password into Keychain.

ssh-add -K ~/.ssh/id_rsa

In this solution, we keep the password into Keychain and configure OpenSSH to load password for the key from Keychain.

References

  • OpenSSH updates in macOS 10.12.2

Related

Why doesn't defaults read` work for obtaining ShadowHashData key in user.plist?
Is there a USB-C PoE adapter for iPad Pro?
Two entries with identical name and inode in same directory?
Menu bar finder scripts always missing
How to "Divorce" Macbook's original Apple ID?
AppleScript to Choose Files from Folder Automatically
Large amount of disk used by "System". Time machine not to blame. What's taking up so much space?
How can I whitelist applications for users?
MacOS is showing a badge notification on System Preferences. How can I make it disappear? [duplicate]
Can the Apple T2 chip be used as a TPM to enable BitLocker?
Battery Drain on MacBook Pro (2018) on Catalina when sleeping
Photos on Catalina will only export recent images