The version of ssh that ships with Mac OS X is quite old. If you want a more recent version to use, for instance, ECDSA or ED25519 keypairs you can install a more recent version of ssh using MacPorts with sudo port install openssh +gsskex.
Unfortunately, OS X won’t remember your fancy ECDSA or ED25519 key passwords in the KeyChain. This is because the old ssh-agent is running in the background. This is how to run MacPort’s ssh-agent:
- Don’t forget to install
opensshwith the+gsskexvariant. Otherwisessh-agentwon’t even try to talk to the KeyChain. - Run
launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plistto disable Mac’s oldssh-agent. Note: run this under your user account — not as root. - Copy
/System/Library/LaunchAgents/org.openbsd.ssh-agent.plistto~/Library/LaunchAgents/org.macports.ssh-agent.plistand open the copy in an editor. In the copy, replace/usr/bin/ssh-agentwith/opt/local/bin/ssh-agentandorg.openbsd.ssh-agentwithorg.macports.ssh-agent. - Run
launchctl load -S Aqua -w ~/Library/LaunchAgents/org.macports.ssh-agent.plistto enable thessh-agentfrom MacPorts. Again, run this as under your user account — not as root. - Logout and login again.
That should do it. These steps are an updated version of this guide.