Set up SSH Agent on Login

mpf writes "This is a simple procedure to allow you to be prompted at login for your SSH passphrase and have it optionally stored in your Mac OS X Keychain, so you'll never have to enter your passphrase again! It allows you to use ssh from AppleScripts and other non-interactive applications without entering your passphase." Nice idea. It combines two pieces of software, one that starts ssh-agent on login, and one that gets called to provide your ssh passphrase when needed (which can store/retrieve it in the Keychain). There's a small AppleScript to call ssh-add on login, to tie it all together.

Re:secure shell?

[BigBir3d]

so what you are saying is when your laptop is stolen, you are completely covered? i think not.

Re:Pattern of making OSX like OS 9

[jkujawa]

I don't think this is so much a password-free login as single sign-on. The keychain database is unlocked when the user logs in, and from then on, any applications which have been allowed to use it can get their registered passwords from the database, without having to ask the user.

Some people like single sign-on, others don't. Personally, I like its convenience. I think it should be done correctly, the database should, for instance, be relocked when the screen is locked, but it's a good solution for users, if used carefully.

Re:A worring idea.

[Lazaru5]

All your points are mostly valid except for saying it's an excuse not to have to remember passwords. Why then do ssh-agent/ssh-add exist at all? Having all apps be able to access SSH_AUTH_SOCK and SSH_AGENT_PID is a good thing. It's ok to question this implementation, but the goal is a good one.