OpenSSH macOS keychain support

Hi folks, I see that the Homebrew version of OpenSSH does not support the macOS keychain currently, but that it once did via openssh --with-keychain-support.

I also see in the formula a comment:

# Please don't resubmit the keychain patch option. It will never be accepted.
# https://github.com/Homebrew/homebrew-dupes/pull/482#issuecomment-118994372

However, that link is broken, and I can’t find it saved in e.g. the Wayback Machine, so I don’t know what the reasoning was for removing that option. Since it’s old enough that the documentation is gone, I’m hoping that it might be worth re-opening the discussion :wink: Does anyone here remember why we don’t have keychain support in homebrew OpenSSH? Is there any hope of getting it back again?

Alternately, does anyone know how to add keychain support to the Homebrew OpenSSH manually? I’ve been looking at an old tutorial to manually fix it, but it’s outdated enough that I’m afraid to try it.

2 Likes

The main reason this (and such things) were removed is because long-running patches that will never be accepted upstream are a security risk and essentially technical debt. I’d suggest that this gets submitted upstream.

1 Like

Question: When you say keychain support, are you referencing using this in your .ssh/config to call any passphrases for your keys?

Host *
       UseKeychain yes
       AddKeysToAgent yes

I’m just using the macOS built-in SSH. What’s the advantage of using the brew OpenSSH version?

Thanks
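Added example, not part of the thread: UseKeychain is an option of Apple's ssh build, so an ssh client without that patch rejects it as an unknown configuration option. The sketch below probes a given ssh binary with `ssh -G` (parse only, no connection) and writes a stanza that both kinds of client can parse; the function names and the file argument are illustrative assumptions.

```shell
#!/bin/sh
# Added example: check whether an ssh client understands UseKeychain and
# write a ~/.ssh/config stanza that does not break clients that do not.

# supports_usekeychain SSH_BINARY
# Exit status 0 if the client accepts the option, non-zero otherwise.
# -G prints the effective configuration and exits without connecting;
# -F /dev/null keeps the user's and the system's config out of the probe.
supports_usekeychain() {
    "$1" -F /dev/null -G -o UseKeychain=yes localhost >/dev/null 2>&1
}

# parses_config SSH_BINARY CONFIG_FILE
# Exit status 0 if the client can parse CONFIG_FILE without error.
parses_config() {
    "$1" -F "$2" -G localhost >/dev/null 2>&1
}

# write_portable_stanza FILE
# IgnoreUnknown has to appear before the option it covers. It only makes
# an unpatched client skip UseKeychain; it does not add keychain support.
write_portable_stanza() {
    cat >"$1" <<'EOF'
Host *
    IgnoreUnknown UseKeychain
    UseKeychain yes
    AddKeysToAgent yes
EOF
}

# describe_client SSH_BINARY
# One-line summary for the given client.
describe_client() {
    if supports_usekeychain "$1"; then
        echo "$1: UseKeychain supported"
    else
        echo "$1: UseKeychain not supported (needs IgnoreUnknown to parse)"
    fi
}

# Typical use on a Mac with both clients installed (paths are examples):
#   describe_client /usr/bin/ssh
#   describe_client "$(brew --prefix)/bin/ssh"
#   write_portable_stanza /tmp/ssh_config.test
#   parses_config "$(brew --prefix)/bin/ssh" /tmp/ssh_config.test && echo ok
```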

@skyfaller Here’s an archived snapshot of the discussion.

1 Like