ssh-agent and Mac OS X 10.5 Leopard

I’ve been using ssh-agent since I started using Mac OS X (10.1), it being the best combination of security and convenience when using ssh and scp/sftp. During that time I have been using some modifications to my .tcshrc file to start ssh-agent when I log in and set up the ssh environment variables properly.

However, Mac OS X 10.5 aka Leopard now has nice ssh-agent support built-in that my startup file was overriding. I wanted to understand more about the new ssh-agent support in Leopard before I went removing my ssh-agent code. Sure enough, there are a variety of blog posts that explain the situation. This post at Ormset i Noreg explains the situation, and discusses complications if you have been using the open source SSHKeyChain GUI application to manage your ssh-agent under Tiger.

Dave Dribin goes into more depth on exactly what is going on with the keychain. He also has a followup post on how to keep your passphrase stored in a separate keychain to make it less vulnerable that I plan to follow. He also has written some code to support one of SSHKeyChain’s features: removing keys from the agent when the computer is put to sleep.

It would be nice if SSHKeychain was rewritten to be more of a support service for the Leopard SSH stuff, but based on some discussion on the mailing list it appears that the author has been looking for a new maintainer for a few months.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s