This repository has been archived by the owner on Apr 6, 2024. It is now read-only.

Cannot get ssh-add -A to work... keeps saying "No identities found in keychain" #15

Closed
ghost opened this issue Jun 19, 2018 · 12 comments

ghost commented Jun 19, 2018

Ok, so I recently upgraded to High Sierra and ran into this fun little issue about SSH keys no longer being saved to the keychain or automatically being added to the ssh-agent...

I have read dozens and dozens of articles, blogs and forum posts and I have tried everything they have suggested to no avail. No matter what I do, whenever I reboot, I am forced to manually run: ssh-add -K ~/.ssh/id_rsa and then manually enter my passphrase, even though my ~/.ssh/config file contains the UseKeyChain yes and AddKeysToAgent yes, and I can see my ssh key and passphrase saved to my login keychain.

I tried to create a .plist file to run ssh-add -A on startup, but I always get the error message: No identity found in the keychain even though I can see it when I run ssh-add -l

```
JBARKER-01:~ joshua.barker$ ssh-add -l
2048 SHA256:<xxx> /Users/joshua.barker/.ssh/id_rsa (RSA)
JBARKER-01:~ joshua.barker$ ssh-add -A
No identity found in the keychain.
```

~/.ssh/config:

```
JBARKER-01:~ joshua.barker$ cat ~/.ssh/config
Host *
  IdentityFile ~/.ssh/id_rsa
  UseKeyChain yes
  AddKeysToAgent yes

Host localhost
  UseKeyChain yes
  AddKeysToAgent yes
  HostName localhost
  IdentityFile ~/.ssh/localhost_id_rsa

Host 0.0.0.0
  UseKeyChain yes
  AddKeysToAgent yes
  HostName 0.0.0.0
  IdentityFile ~/.ssh/localhost_id_rsa
```

I am currently on Mac OSX High Sierra 10.13.4 (17E202) and have OpenSSH_7.6p1, LibreSSL 2.6.2.

As best I can tell, either the SSH agent or the OS is ignoring that the SSH key is stored in my keychain and/or is ignoring my config settings.

I have tried everything I can think of... any help would be greatly appreciated... Thanks!

@benpbolton

If you simplify your ~/.ssh/config to just:

```
Host *
  IdentityFile ~/.ssh/id_rsa
  AddKeysToAgent yes
```

and reboot, then ssh-add -K ~/.ssh/id_rsa... do you see your entry in the macOS login keychain?

eg. keychain screenshot

Then you should ensure an ssh-add -A comes back clean (I prefer the ssh-add -A plist approach due to ssh-agent forwarding not respecting UseKeyChain)

@ghost
Author

ghost commented Jun 19, 2018

The key is already in my keychain... that's why I don't understand why ssh-add -A returns the error message about no identities... It's there and I can see it...

image

@jirsbek
Owner

jirsbek commented Jun 20, 2018

Have you tried to use your SSH key? After running ssh-add -l, until the time I actually use the key, my ssh agent also has no identities. After using the key, the agent lists the keys I have used.

@ghost
Author

ghost commented Jun 20, 2018

Yes... after adding the key via ssh-add -K, I used ssh -T to connect to github... But this still does not fix my problem...

As an additional step, I removed the key from the mac OSX Keychain app and tried to re-add it using ssh-add -K, but now no matter what I do, I cannot get it back into the OSX Keychain app...

The only thing it seems to do is add the key to the current ssh instance, which as soon as I reboot, is cleared so I have to re-add again... None of the listed "fixes" seem to work for me...

Should I raise a support ticket with Apple?

@jkukul
Contributor

jkukul commented Jun 24, 2018

> and tried to re-add it using ssh-add -K, but now no matter what I do, I cannot get it back into the OSX Keychain app...

@jbarker4682 Is your key passphrase protected? I'm experiencing an issue that ssh-add -K silently doesn't add non passphrase protected keys to the keychain (though it works fine for password protected keys). I'm on High Sierra.

@newtonne

newtonne commented Nov 4, 2018

> I'm experiencing an issue that ssh-add -K silently doesn't add non passphrase protected keys to the keychain (though it works fine for password protected keys). I'm on High Sierra.

A workaround for this is to add a passphrase to the key temporarily:

```
ssh-keygen -p -f ~/.ssh/id_rsa
# when prompted, input a temporary password
```

Next, add the key to the agent (and Keychain) using ssh-add -K. Then, remove the passphrase from the key:

```
ssh-keygen -p -f ~/.ssh/id_rsa
# when prompted for a new passphrase, leave it blank
```

The passphrase-less key can henceforth be added to the agent using ssh-add -A.

@ghost
Author

ghost commented Nov 15, 2018

So, after many months of no resolution, after upgrading to Mac OS High Sierra 10.13.6, I found out that my KeyChain had become corrupted... Per directions I found here I deleted and recreated it... After this, I was able to add my SSH keys automatically by adding ssh-add -A to a startup plist...

@ghost ghost closed this as completed Nov 15, 2018
@luca-borrione

luca-borrione commented Apr 25, 2019

In my case there was a clash between my GitHub email and the enterprise email.
I solved it by creating the ssh key using the enterprise email:

```
ssh-keygen -t rsa -b 4096 -C "corporate_email@example.com"
```

as explained in the guide https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

@wpc009

wpc009 commented Mar 25, 2020

Do not struggle with this. ssh-add on macOS only stores the passphrase in the keychain, not the key itself.
image

image

@dmoles

dmoles commented Nov 10, 2021

Following up on @wpc009's comment — the "No identity found in the keychain" message means that those passphrases aren't in the keychain (yet). To get them in there, you need to first use ssh-add -K (or ssh-add --apple-use-keychain). After that ssh-add -A (or ssh-add --apple-load-keychain) should work.
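Added example, not part of the thread or of the repository's code: since the comments above turn on whether a key has a passphrase for the keychain to hold, this Python sketch lists the IdentityFile entries in an ssh config and reports whether a private key file is passphrase-encrypted, without needing the passphrase. The function names are hypothetical, the sample config is constructed, and the sample key is a constructed header with no key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"

def has_passphrase(key_text):
    """True if the private key file content is passphrase-encrypted."""
    lines = [ln.strip() for ln in key_text.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        raise ValueError("not a PEM-armored private key")
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # ciphername field
    if "ENCRYPTED PRIVATE KEY" in lines[0]:  # PKCS#8
        return True
    # Legacy PEM marks encryption with a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)

def identity_files(config_text):
    """Map each Host pattern to its IdentityFile paths (keywords are case-insensitive)."""
    out, host = {}, "*"  # lines before any Host block apply to all hosts
    for raw in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue  # blank line or comment
        key, val = m.group(1).lower(), m.group(2)
        if key == "host":
            host = val
        elif key == "identityfile":
            out.setdefault(host, []).append(val)
    return out

def sample_openssh_key(cipher):
    """Constructed header only (magic + ciphername); contains no key material."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample config, shaped like the one posted in the thread.
SAMPLE_CONFIG = "Host *\n  IdentityFile ~/.ssh/id_rsa\n  AddKeysToAgent yes\n\nHost localhost\n  IdentityFile ~/.ssh/localhost_id_rsa\n"

if __name__ == "__main__":
    print(identity_files(SAMPLE_CONFIG))
    for cipher in (b"none", b"aes256-ctr"):
        print(cipher.decode(), "->", has_passphrase(sample_openssh_key(cipher)))
```

On a real machine, expand `~` in each path returned by `identity_files` and pass the file's text to `has_passphrase`.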

@Artein

Artein commented Jan 11, 2022

> Following up on @wpc009's comment — the "No identity found in the keychain" message means that those passphrases aren't in the keychain (yet). To get them in there, you need to first use ssh-add -K (or ssh-add --apple-use-keychain). After that ssh-add -A (or ssh-add --apple-load-keychain) should work.

Your suggestion didn't work out for me. I have macOS Monterey 12.1 and 4 ssh keys (respectively added to config file).

@soaresvml

image

This issue was closed.