I am trying to set up my ssh config on the Mac (Mac OS Sierra 10.12.6) in such a way that it stores the passphrase for my ssh key in the keychain. Previously I could do that with
ssh-add -K ~/.ssh/id_rsa
But recently this doesn't seem to work anymore. Following this article there seems to be a change in the behaviour of the ssh config in Mac OS > 10.12.2 and the recommended way to fix this issue is to add UseKeychain yes to your ssh config. So here's my .ssh/config section for the Host *:
Host *
  Port 22
  ServerAliveInterval 60
  ForwardAgent yes
  IdentityFile ~/.ssh/id_rsa
  AddKeysToAgent yes
  UseKeychain yes
When trying to ssh to a foreign host, I get the following error message:
$ ssh my-host
/Users/USER/.ssh/config: line 16: Bad configuration option: usekeychain
Any ideas why this happens and how I can fix it? Thanks!
16 Answers
Try to specify another option, namely IgnoreUnknown like below:
Host *
  IgnoreUnknown UseKeychain
  UseKeychain yes
You can find more info about this here.
If you already have an IgnoreUnknown value, use comma separated values:
Host *
  IgnoreUnknown AddKeysToAgent,UseKeychain
  AddKeysToAgent yes
  UseKeychain yes
If you have multiple Host configs that use the UseKeychain option, make sure to put
Host *
  IgnoreUnknown UseKeychain
before the first host that uses the option, e.g. put it at the top of the file.
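The ordering and comma-list advice in the answer above can be checked mechanically. This is an added example, not part of the original answers: a small Python linter, run on constructed config text, that reports lines where UseKeychain or AddKeysToAgent appears without an earlier IgnoreUnknown covering it. The option set and the name lint_ssh_config are assumptions, and it models only ordering and first-value-wins, not Host/Match scoping.

```python
import re
from fnmatch import fnmatchcase

# Assumption: options an older or non-Apple ssh client may reject.
MAYBE_UNKNOWN = {"usekeychain", "addkeystoagent"}

def lint_ssh_config(text, maybe_unknown=MAYBE_UNKNOWN):
    """Return (line_number, option) pairs not covered by an earlier IgnoreUnknown."""
    ignored = None  # pattern list from the first IgnoreUnknown line
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "ignoreunknown":
            # ssh_config uses the first obtained value of a parameter, so a
            # second IgnoreUnknown line adds nothing; hence the comma list.
            if ignored is None:
                ignored = [p.strip().lower() for p in value.split(",") if p.strip()]
        elif keyword in maybe_unknown:
            if not any(fnmatchcase(keyword, p) for p in ignored or []):
                problems.append((lineno, parts[0]))
    return problems

# Constructed sample configs (not from the page).
BROKEN = """\
Host *
  UseKeychain yes
  IgnoreUnknown UseKeychain
Host my-host
  AddKeysToAgent yes
"""
FIXED = """\
Host *
  IgnoreUnknown AddKeysToAgent,UseKeychain
  AddKeysToAgent yes
  UseKeychain yes
"""

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_ssh_config(cfg))
```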
7
The accepted answer helped me but did not completely solve my problem because I had multiple options that were bad. Here is an example of what it might look like if you have this issue:
Host *
  IgnoreUnknown AddKeysToAgent,UseKeychain
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
3
Instead of ssh-add type ‘open .ssh/id_rsa’ and add it to the keychain
The UseKeychain option never appeared as bad on my config, but I have in the beginning, before any other host, the following
Host *
  UseKeychain yes
Host (...)
2
I just commented out the line and scp/ssh started working for me again.
3
It's the capital -K try lowercase -k!!
ssh-add -k ~/.ssh/id_rsa
Enter passphrase for /Users/tom/.ssh/id_rsa:
Identity added: /Users/tom/.ssh/id_rsa (/Users/tom/.ssh/id_rsa)
1
I had the same issue and I realized that when I started to generate the key by following the instructions. The first step is this.
ssh-keygen -t rsa -b 4096 -C ""
I didn't change the email address but of course I have forgotten to do that :D. So make sure to not forget that step and all will be fine.
1