After upgrading to macOS Sierra and using SSH to login to an SSH server, I noticed that the passphrase for my SSH key has been permanently remembered by the system. That is, after rebooting the system, SSH still knows the passphrase for my SSH key, such that I do not need to enter any passphrase to log in to my SSH hosts anymore. This permanent storage of my passphrase was done by default without prompting me, and I cannot find any documentation for this new default feature, so I have no idea how to disable it to restore the original El Capitan behavior that I prefer.
As far as I can tell, `ssh-add` is not able to manage this storage of my passphrase. `ssh-add -l` reports that "The agent has no identities." even after having just used SSH to log into a server without using my passphrase. Running `ssh-add -D` reports "All identities removed." but that isn't actually true, because I'm still able to log into my SSH servers without entering my passphrase.
Indeed, I have no idea where in the system my passphrase has been stored. I assume it has been stored somewhere in the keychain, but if so, I cannot find it using the usual methods:
```
$ security find-generic-password -s SSH
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
$ security find-generic-password
[.. this is the only generic password found, and it has nothing to do with SSH ..]
```
Steps to Reproduce:
1. upgrade to macOS Sierra
2. run `ssh-keygen` to generate a new SSH key at the default file location, `/Users/username/.ssh/id_rsa` with a passphrase
3. add the newly-generated public SSH key to the `authorized_keys` file on some SSH server (say, `example.com`)
4. run `ssh example.com`
5. enter the passphrase for the new SSH key and confirm login success
7. run `ssh example.com`
8. run `ssh-add -l`
After rebooting, I expect running `ssh example.com` to ask for my passphrase again. This was the default behavior on El Capitan and prior. Also on El Capitan, the remembered identities could be managed by `ssh-add` such that running `ssh-add -l` shows the identities that have been learned by `ssh-agent`, and running `ssh-add -D` causes those identities to be forgotten, such that the passphrase is required upon the next attempt to use SSH. On macOS Sierra, running `ssh-add -l` in step 8 reports "The agent has no identities."
In other words, I expect macOS to not remember my passphrase by default. I'm aware that I can optionally run `ssh-add -K` to cause my passphrases to be stored in the keychain, so that I can later run `ssh-add -A` to load those identities into `ssh-agent`. But I have never used the `-K` or `-A` options to `ssh-add`, because I do not wish my passphrase to be remembered by the system.
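Added here as an example for readers following this report, not part of the original bug filing: a small POSIX shell helper that distinguishes the three states `ssh-add -l` can report (identities loaded, agent reachable but empty, agent unreachable) from its documented exit codes, and reads the global value of an `ssh_config` option so one can confirm what the client has been told to do with keys. `AddKeysToAgent` is an upstream option in the OpenSSH 7.2 shown above; `UseKeychain` is an Apple-specific option that Apple documented in a later Sierra update, so treating it as present on 10.12.0 is an assumption. The config file contents in the usage note are constructed.

```shell
#!/bin/sh
# Added example, not from the original report. Assumes only ssh-add's
# documented exit codes (0 loaded, 1 empty, 2 no agent) and an ssh_config
# written as whitespace-separated "Keyword value" lines.

# Map an `ssh-add -l` exit status to a human-readable agent state.
describe_ssh_add_status() {
  case "$1" in
    0) echo "loaded" ;;    # agent reachable and holds at least one identity
    1) echo "empty" ;;     # agent reachable but reports no identities
    2) echo "no-agent" ;;  # SSH_AUTH_SOCK unset or agent not running
    *) echo "unknown" ;;
  esac
}

# Run `ssh-add -l` and classify the result; degrade gracefully if ssh-add
# is not installed at all (so the helper is usable on any POSIX system).
agent_state() {
  command -v ssh-add >/dev/null 2>&1 || { echo "no-ssh-add"; return 0; }
  ssh-add -l >/dev/null 2>&1
  describe_ssh_add_status "$?"
}

# Print the global (outside any Host/Match block) value of an ssh_config
# option, or "unset" when it is not configured. Keyword match is
# case-insensitive, as ssh itself treats keywords. $1 = option, $2 = file.
ssh_config_option() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ { next }                         # skip comments
    { key = tolower($1) }
    key == "host" || key == "match" { inblock = 1; next }
    !inblock && key == want { print $2; found = 1; exit }
    END { if (!found) print "unset" }
  ' "$2"
}

# Usage (constructed config, written to a temp file so this runs offline):
cfg=$(mktemp)
printf 'AddKeysToAgent no\nHost example.com\n  AddKeysToAgent yes\n' > "$cfg"
echo "agent: $(agent_state)"
echo "AddKeysToAgent (global): $(ssh_config_option AddKeysToAgent "$cfg")"
echo "UseKeychain (global): $(ssh_config_option UseKeychain "$cfg")"
rm -f "$cfg"
```

With a key whose passphrase is still being supplied without a prompt, `agent_state` printing `empty` (exit status 1, the "The agent has no identities." case above) tells you the agent is reachable but holds nothing, so the cached secret is living somewhere other than `ssh-agent`; `no-agent` would instead mean the client never talked to an agent at all.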
After rebooting, running `ssh example.com` logs into the SSH server without requiring my passphrase be entered.
macOS Sierra version 10.12.
```
$ /usr/bin/ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1
```
Bug rdar://27348363 filed by Karoly.Lorentey seems to be related:
But I'm confused, because that bug seems to be complaining about the opposite: that ssh-agent is NOT remembering the passphrases automatically across reboots like it did in El Capitan. Apple Developer Relations explained that this is the new expected behavior, and to run `ssh-add -A` in an rc script to cause the keys to be automatically loaded. The behavior that Lorentey complained about is actually the behavior I *prefer*, so I don't understand why macOS Sierra behaved differently for him.