Use MacPorts’ ssh-agent

The version of ssh that ships with Mac OS X is quite old. If you want a more recent version, for instance to use ECDSA or ED25519 keypairs, you can install one using MacPorts with sudo port install openssh +gsskex.

Unfortunately, OS X won’t remember the passwords for your fancy ECDSA or ED25519 keys in the Keychain. This is because the old ssh-agent is still the one running in the background. This is how to run MacPorts’ ssh-agent instead:

  • Don’t forget to install openssh with the +gsskex variant. Otherwise ssh-agent won’t even try to talk to the Keychain.
  • Run launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist to disable Mac’s old ssh-agent. Note: run this under your user account — not as root.
  • Copy /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist to ~/Library/LaunchAgents/org.macports.ssh-agent.plist and open the copy in an editor. In the copy, replace /usr/bin/ssh-agent with /opt/local/bin/ssh-agent and org.openbsd.ssh-agent with org.macports.ssh-agent.
  • Run launchctl load -S Aqua -w ~/Library/LaunchAgents/org.macports.ssh-agent.plist to enable the ssh-agent from MacPorts. Again, run this under your user account — not as root.
  • Log out and log in again.

That should do it. These steps are an updated version of this guide.
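
The steps above as one script, added here as an example and not part of the original guide. It refuses to run as root, checks that /opt/local/bin/ssh-agent exists, and verifies the rewritten plist before the stock agent is disabled. The function names are illustrative, and the script assumes the stock plist is stored as XML text.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.
# Assumption: the stock plist is XML text, so sed can edit it.
SYS_PLIST=/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
NEW_PLIST="$HOME/Library/LaunchAgents/org.macports.ssh-agent.plist"
NEW_AGENT=/opt/local/bin/ssh-agent

# Copy plist $1 to $2, swapping the agent binary and the launchd label.
rewrite_agent_plist() {
    sed -e "s|/usr/bin/ssh-agent|$NEW_AGENT|g" \
        -e 's|org\.openbsd\.ssh-agent|org.macports.ssh-agent|g' "$1" > "$2"
}

# Succeed only if the copy names the MacPorts agent and label and no
# reference to the stock agent or label is left behind.
check_agent_plist() {
    grep -q "<string>$NEW_AGENT</string>" "$1" &&
    grep -q '<string>org\.macports\.ssh-agent</string>' "$1" &&
    ! grep -q -e '/usr/bin/ssh-agent' -e 'org\.openbsd\.ssh-agent' "$1"
}

# Run the whole procedure; the stock agent is only unloaded once the
# replacement binary exists and the new plist has passed the check.
install_agent() {
    [ "$(id -u)" -ne 0 ] || { echo "run as your user, not root" >&2; return 1; }
    [ -x "$NEW_AGENT" ] || { echo "$NEW_AGENT missing; install openssh +gsskex" >&2; return 1; }
    mkdir -p "$(dirname "$NEW_PLIST")" || return 1
    rewrite_agent_plist "$SYS_PLIST" "$NEW_PLIST" || return 1
    check_agent_plist "$NEW_PLIST" || {
        echo "plist rewrite failed; stock agent left enabled" >&2
        rm -f "$NEW_PLIST"
        return 1
    }
    launchctl unload -w "$SYS_PLIST" &&
    launchctl load -S Aqua -w "$NEW_PLIST"
}

# Nothing is changed unless the script is called with --install.
if [ "${1:-}" = "--install" ]; then install_agent; fi
```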