SSH Passphrases should be visible in Keychain Access

Originator: mkfmnn
Number: rdar://29942732
Date Originated: 09-Jan-2017
Status: Duplicate/28657768
Resolved: 16-Jan-2017
Product: macOS + SDK
Product Version: 10.12
Classification:
Reproducible: Always
 
Area:
Something not on this list

Summary:
Apple OpenSSH in macOS 10.12 and later stores SSH private key passphrases in the syncable (iCloud) keychain instead of the standard login keychain. There is apparently currently no way to recover a forgotten passphrase, as the keychain item does not appear in Keychain Access and cannot be accessed with the security command-line tool.

Steps to Reproduce:
1. Generate a passphrase-protected SSH key: `ssh-keygen -f ~/id -N 12345`
2. Add the key to ssh-agent: `ssh-add -K ~/id`, type the passphrase '12345'.
3. Open Keychain Access and search for "ssh"

Expected Results:
I expect to be able to see a keychain item for the just-added key, and to be able to expose the key passphrase after entering my account password.

Actual Results:
The entry for the ssh key does not appear in the list of keychain items.

Version:
Reproduced on 10.12.2 (16C67)

Notes:
The change in Sierra to ignore the old stored passphrases and hide the new ones has caused a fair amount of confusion:

https://apple.stackexchange.com/q/253779
https://apple.stackexchange.com/q/254902
https://apple.stackexchange.com/q/255701
https://apple.stackexchange.com/q/265131
https://reddit.com/comments/52zn5r/_/d8galmk
https://github.com/jirsbek/SSH-keys-in-macOS-Sierra-keychain/blob/master/README.md#problem

Configuration:
All computers running macOS 10.12+

Attachments:
