Where are my SSH keys used for authentication being stored on Mac OS X if not in .ssh?
I'm trying to set up ssh to work with git on Mac OS X, and I can't find my keys. I tried generating new keys, using existing keys, copying exactly the same ~/.ssh directory used by git on my Windows machine, and nothing made any difference on the Mac.
I've had an ssh key I've used for some time to access my server from the Mac, which I thought was the id_rsa/id_rsa.pub pair in ~/,ssh. When I moved the ~/.ssh directory out of the way to check my assumption that this was where ssh was getting the keys and then tried ssh (from Terminal) to my server, it didn't recognize the host, as I expected since known_hosts was moved, but I still got in to the server without a password.
So it must still be using a secret key corresponding to one of the authorized public keys on the server, not just a session key, so it's not the scenario here, but where is it getting it if not from ~/.ssh?
Solution 1:
Any chance you once did something like
ssh-add -K ~/.ssh/id_rsa
to add your SSH private key to your OS X Keychain? For several years now (since about Mac OS X 10.5 Leopard), thessh
client in OS X knows how to retrieve SSH keys from the Keychain. Use/Applications/Utilities/Keychain Access.app
to search your Keychain for anything with "ssh" in the name.Any chance you set up the third-party SSHKeychain app (icon looks like a puffer fish) to do this for you pre-Leopard, and you're still running it today?
Any chance you've forgotten that you once set up
ssh-agent(1)
, and maybe your shell startup scripts on your Mac are starting the agent and doingssh-add(1)
for your keys that exist in a different location?Any chance you've edited
/etc/ssh_config
to add extraIdentityFile
entries to look for keys in another location?Any chance...umm...your account on the remote machine doesn't require a password?