I’ve been using ssh-agent since I started using Mac OS X (10.1), it being the best combination of security and convenience when using ssh and scp/sftp. During that time I have been using some modifications to my .tcshrc file to start ssh-agent when I log in and set up the ssh environment variables properly.
However, Mac OS X 10.5 aka Leopard now has nice ssh-agent support built in, which my startup file was overriding. I wanted to understand more about the new ssh-agent support in Leopard before I went removing my ssh-agent code. Sure enough, there are a variety of blog posts that explain the situation. This post at Ormset i Noreg explains the situation and discusses complications if you have been using the open source SSHKeychain GUI application to manage your ssh-agent under Tiger.
Dave Dribin goes into more depth on exactly what is going on with the keychain. He also has a followup post, which I plan to follow, on how to keep your passphrase stored in a separate keychain to make it less vulnerable. He has also written some code to support one of SSHKeychain’s features: removing keys from the agent when the computer is put to sleep.
It would be nice if SSHKeychain was rewritten to be more of a support service for the Leopard SSH stuff, but based on some discussion on the mailing list it appears that the author has been looking for a new maintainer for a few months.