The version of ssh that ships with Mac OS X is quite old. If you want a more recent version, for instance to use ECDSA or ED25519 keypairs, you can install one using MacPorts with `sudo port install openssh +gsskex`.
Unfortunately, OS X won’t remember your fancy ECDSA or ED25519 key passwords in the KeyChain. This is because the old `ssh-agent` is running in the background. This is how to run MacPorts’ `ssh-agent`:
- Don’t forget to install `openssh` with the `+gsskex` variant. Otherwise `ssh-agent` won’t even try to talk to the KeyChain.
- Run `launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist` to disable Mac’s old `ssh-agent`. Note: run this under your user account — not as root.
- Copy `/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist` to `~/Library/LaunchAgents/org.macports.ssh-agent.plist` and open the copy in an editor. In the copy, replace `/usr/bin/ssh-agent` with `/opt/local/bin/ssh-agent` and `org.openbsd.ssh-agent` with `org.macports.ssh-agent`.
- Run `launchctl load -S Aqua -w ~/Library/LaunchAgents/org.macports.ssh-agent.plist` to enable the `ssh-agent` from MacPorts. Again, run this under your user account — not as root.
- Log out and log in again.
That should do it. These steps are an updated version of this guide.
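The steps above collected into one script, as an added example that is not part of the original post; the function names and the `--apply` switch are made up for illustration. It refuses to run as root and checks that the rewritten plist no longer references the system agent before it unloads anything.

```sh
#!/bin/sh
# Added example: the manual steps as one script. Run as your user, not root.
# Function names and the --apply switch are illustrative assumptions.

SRC_PLIST=/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
DST_PLIST="$HOME/Library/LaunchAgents/org.macports.ssh-agent.plist"

# Succeed only if the plist names the MacPorts agent and label and no
# reference to the system agent is left behind.
verify_plist() {
    grep -q '/opt/local/bin/ssh-agent' "$1" &&
    grep -q 'org\.macports\.ssh-agent' "$1" &&
    ! grep -q -e '/usr/bin/ssh-agent' -e 'org\.openbsd\.ssh-agent' "$1"
}

# Copy the system plist ($1) to $2 with the two replacements from the steps.
make_macports_plist() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    sed -e 's|/usr/bin/ssh-agent|/opt/local/bin/ssh-agent|g' \
        -e 's|org\.openbsd\.ssh-agent|org.macports.ssh-agent|g' \
        "$1" > "$2" || return 1
    verify_plist "$2"
}

switch_agent() {
    [ "$(id -u)" -ne 0 ] || { echo "run as your user, not root" >&2; return 1; }
    [ -x /opt/local/bin/ssh-agent ] ||
        { echo "install openssh with +gsskex first" >&2; return 1; }
    mkdir -p "$HOME/Library/LaunchAgents" || return 1
    # Build and check the new plist before touching the running agent.
    make_macports_plist "$SRC_PLIST" "$DST_PLIST" || return 1
    launchctl unload -w "$SRC_PLIST" &&
    launchctl load -S Aqua -w "$DST_PLIST"
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    switch_agent
fi
```

Log out and back in afterwards, as in the last step.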
The latest version of the MacPorts install takes care of the loading and unloading for you if you just do “sudo port load openssh” after installing.