How to Save Your SSH Key Passphrase to Your Apple Keychain On MacOS
- Danilo Stern-Sapad
- Technology , Tutorials
- June 21, 2023
Did you just upgrade macOS only to find that when you’re pushing or pulling changes from GitHub, it’s requesting you to “Enter passphrase for key ‘/Users/username/.ssh/id_ed25519’:” where username is your username and id_ed25519 is your private key.
Frustrated because all the guides on saving your SSH key passphrase to your Apple Keychain are outdated or missing key instructions? Been there, done that — that’s why this tutorial exists.
So how do I fix this?
How to Store Your SSH Private Key Passphrase in Your Apple Keychain
Open up the Terminal application under Finder → Applications → Utilities → Terminal
If you’re using macOS Monterey or macOS Ventura, type this into Terminal:
ssh-add --apple-use-keychain --apple-load-keychain ~/.ssh/id_ed25519
Where id_ed25519 is your private key. Hit the return key once you verify you’re using the correct private key.
In macOS Sierra or older, type this into Terminal:
ssh-add -KA ~/.ssh/id_rsa
Again, id_rsa should be your private key. Verify this, then hit return.
Enter your private key passphrase, and you shouldn’t be asked for it again as long as you follow the directions in the next section.
How to Configure Your SSH-Agent to Always Use Your Apple Keychain
If your operating system is older than macOS Sierra, you don’t need to follow this step.
Unfortunately, macOS Sierra and above eliminated the behavior of retaining your keys between logins, and the SSH update now bypasses the keychain by default.
Follow the steps below to fix this issue:
Make sure you’ve correctly followed the instructions on How to Store Your SSH Key Passphrase in Your Apple Keychain above. Just try pushing or pulling from GitHub and see if it still prompts you for your private key passphrase.
You’ll need Terminal again for the following commands. So reopen it if you’ve closed it.
Make sure you have a ~/.ssh/config file. You can check this by entering the test -f ~/.ssh/config && echo "File exists." into Terminal.
If the words “File exists.” aren’t returned by the previous command, create a file named config. You can do this by typing touch ~/.ssh/config and hitting the return key.
Now enter nano -w ~/.ssh/config into Terminal and make sure the file looks like this:
Host *.github.com
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Change ~/.ssh/id_ed25519to the actual filename of your private key. If you have other private keys in your ~/.ssh directory, add an IdentityFile line for each. For example, if you have an old private key like id_rsa, add IdentityFile ~/.ssh/id_rsa.
Don’t forget the UseKeychain yes part as it instructs SSH to fetch the key passphrase from your Apple keychain.
If you wish to save your SSH key passphrase for all hosts (not just GitHub), change the Host *.github.com line to Host *
Now you will close and save your SSH config file: hit control x to exit, then type y, and hit return to save your changes.
Congratulations!
Your SSH connections will now use the specified private keys, and the passphrases will be fetched from your Apple keychain. Say goodbye to having to type your SSH private key passphrase every single time you interact with GitHub.
