Last Updated: February 25, 2016
·
423
· pauld

SSH + Keychain

You already know that having an empty passphrase for your SSH key is a bad idea - unless, I suppose, you don't care about the server you're using to authenticate against.

Even so, bad form. Bad form.

But, passphrases can be annoying to type - especially if you're making them secure by giving them some serious length.

So, at least for our OS X friends, I present ssh-agent, ssh-add, and the -k tag.

ssh-add -k /path/to/your/key
ssh keyuser@remoteserver

Now, the next time keyuser goes to log in to remoteserver, Keychain will pop up to ask your passphrase. There, you'll have the opportunity to save your passphrase in the keychain.

I go ahead and leave the passphrase in the login keychain - with this setup, I'll probably never need to retype the passphrase. But if you like, you can use a setup like Dave Dribin's, which allows you move this key into a password-protected keychain. For me, I don't typically worry about going that far; my computer is locked whenever I walk away from it, so the security is sufficient for me.