Saving SSH keys in macOS Sierra keychain
Switch branches/tags
Nothing to show
Clone or download
jirsbek Merge pull request #16 from jkukul/patch-1
"ssh-add -K" actually adds keys to the keychain
Latest commit 9d3420c Jul 19, 2018

Saving SSH keys in macOS Sierra keychain

Source links


As described in detail on, macOS/OS X till Yosemite used to remember SSH keys added by command ssh-add -K <key>.

Unfortunately this way no longer works. Keys added to the keychain via ssh-add -K are not automatically re-added to the ssh-agent after a reboot. As Apple Developer stated:

"That’s expected. We re-aligned our behavior with the mainstream OpenSSH in this area."


Solution 1 (recommended)

Apple updated its Technical Notes to indicate that since 10.12.2, macOS includes version 7.3p1 of OpenSSH and its new behaviors.

In ~/.ssh create config file with the following content:

Host * (asterisk for all hosts or add specific host)
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile <key> (e.g. ~/.ssh/userKey)

Solution 2

After usage of ssh-add -K <key> (it's recommended to use absolute path of keys) call the command ssh-add -A on every startup of macOS.

To automate this, add a .plist with the following content to the path ~/Library/LaunchAgents/:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

<!-- @@@@LingonWhatStart:ssh-add -A@@@@LingonWhatEnd -->


  • Create this file with the Lingon app.

  • Use curl to download the .plist file to the stated path:

    curl -o ~/Library/LaunchAgents/ssh.add.a.plist


If you have issues with ssh-add: illegal option -- K after using the ssh-add -K command, you may use the full path of the command /usr/bin/ssh-add.