Home » Questions » Computers [ Ask a new question ]

How do I ensure that the Mac OS X Terminal asks me for my private-key’s password every time I SSH?

How do I ensure that the Mac OS X Terminal asks me for my private-key’s password every time I SSH?

The only time the Mac OS X Terminal seems to ask for my identity file’s password, is when I restart. I’m fairly paranoid, and this seems insecure; how can I ensure it asks for the password every time I attempt to use the key?

Asked by: Guest | Views: 67
Total answers/comments: 2
Guest [Entry]

The ssh-agent stores these for the lifetime of a session (see the ssh-agent options via 'man ssh-agent'). You can shorten the lifetime of a key added to the agent with 'ssh-agent -t 1' but the ss-agent is started by launchd at system startup. Here is a thread which describes how to deal with the problem: apple-discussion .
Guest [Entry]

"You can set the default (login) keychain to lock on sleep or after a timeout, which also seems to flush the SSH agent.

Open Keychain Access and right-click the login keychain to change settings (I guess you'll want a shorter timeout than me):

Or if you prefer a commandline:

security set-keychain-settings -lu -t 1 # for a 1 second timeout

I was using the org.openbsd.ssh-agent.plist change you've mentioned in the comments, but on El Cap you need to disable System Integrity Protection to do that, which I wasn't crazy about. My solution requires an extra prompt to unlock, but it's the cleanest option I've found so far."