How to Save SSH Keys between Reboots in macOS

published May 9, 2018

Frustrated on the computer

Is macOS asking you to re-add your SSH keys every time you reboot?

You're not alone.

Fortunately, there's a pretty easy fix. This guide will show you how to stop the madness once and for all.

Adding SSH Keys Manually

Just for reference, here's the command you need to add your SSH key to the ssh-agent manually after a reboot:

ssh-add ~/.ssh/id_rsa_example

Trust me, this gets old fast.

The Fix

To make your SSH keys persist between reboots, you'll need to edit your SSH config file.

Where is the SSH config file?

Usually, it's located at ~/.ssh/config

If that file doesn't exist, create it.

Here's an example SSH config file that persists keys between reboots:

Host *
	AddKeysToAgent yes
	UseKeychain yes

Host example
	HostName example.com
	User myuser
	IdentityFile /Users/myuser/.ssh/id_rsa_example

Let's go over each line

Host * simply means to apply the following settings to every SSH host you connect to.

AddKeysToAgent yes indicates that you want the keys for all hosts to be added to the SSH agent automatically.

UseKeychain yes indicates that you want to save SSH key passphrases in your Keychain. Without this, you'll need to type in your key passphrase every time you reboot. If you don't use key passphrases, you can leave this out.

Host example denotes a new settings block. The word that comes after Host can be used as an alias for the host.

With this configuration, ssh example becomes ssh myuser@example.com

It's a nice little shortcut.

HostName example.com is used to specify the hostname of the SSH server. You can also use an IP address instead of a domain name.

User myuser just tells SSH to try myuser@example.com so the key is applied to the right user.

IdentityFile tells SSH to use the file located at /Users/myuser/.ssh/id_rsa_example for this particular host. This should be the private key.

Other Configuration Options

Of course, your SSH configuration can include tons of other variables, like Port and Compression

For a full list of possible configuration flags, see the man page for ssh_config.

That's it!

Fireworks!

If you've gotten this far, you should be able to reboot your Mac and still have your SSH keys loaded in memory.

It's a simple thing, but I wasn't able to find this information clearly laid out anywhere.

Life is much easier now.

Napping cat

Thoughts? Send me an email at samuel[at]sricks.com or tweet me: @trybravery