.ssh/config: "Bad configuration option: UseKeychain" on Mac OS Sierra 10.12.6

I am trying to set up my ssh config on the Mac (Mac OS Sierra 10.12.6) in such a way that it stores the passphrase for my ssh key in the keychain. Previously I could do that with

ssh-add -K ~/.ssh/id_rsa

But recently this doesn't seem to work anymore. Following this article there seems to be a change in the behaviour of the ssh config in Mac OS > 10.12.2 and the recommended way to fix this issue is to add UseKeychain yes to your ssh config. So here's my .ssh/config section the Host *:

Host * Port 22 ServerAliveInterval 60 ForwardAgent yes IdentityFile ~/.ssh/id_rsa AddKeysToAgent yes UseKeychain yes

When trying to ssh to a foreign host, I get the following error message:

$ ssh my-host
/Users/USER/.ssh/config: line 16: Bad configuration option: usekeychain

Any ideas why this happens and how I can fix it? Thanks!

1

6 Answers

Try to specify another option, namely IgnoreUnknown like below:

Host * IgnoreUnknown UseKeychain UseKeychain yes

You can find more info about this here.

If you already have an IgnoreUnknown value, use comma separated values

Host * IgnoreUnknown AddKeysToAgent,UseKeychain AddKeysToAgent yes UseKeychain yes

If you have multiple Host configs that use the UseKeychain option, make sure to put

Host * IgnoreUnknown UseKeychain

before the first host that uses the the option, e.g. put it at the top of the file.

7

The accepted answer helped me but did not completely solve my problem because I had multiple options that were bad. Here is an example of what it might look like if you have this issue:

Host * IgnoreUnknown AddKeysToAgent,UseKeychain AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa
3

Instead of ssh-add type ‘open .ssh/id_rsa’ and add it to the keychain

The UseKeychain option never appeared as bad on my config, but I have in the beginning, before any other host, the following

Host *
UseKeychain yes
Host (...)
2

I just commented out the line and scp/ssh started working for me again.

3

It's the capital -K try lowercase -k!!

ssh-add -k ~/.ssh/id_rsa
Enter passphrase for /Users/tom/.ssh/id_rsa:
Identity added: /Users/tom/.ssh/id_rsa (/Users/tom/.ssh/id_rsa)
1

I had the same issue and i realized that when started to generate the key by following the instructions. The first step is this.

ssh-keygen -t rsa -b 4096 -C ""

I didn't change the email address but of course I have forgotten to do that :D. So make sure to not forget that step and all will be fine.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like