I have used ssh-agent for a long time. I enter my passphrase once, then let ssh-agent handle my ssh sessions.
Last night, I noticed I ssh’d to a box and did not enter my passphrase. I got logged in. I had just rebooted my laptop so I was very concerned about this.
It took a while, but eventually I discovered the cause. OSX was caching the passphrase.
More interestingly, it was not using Keychain.
- Add this entry to ~/.ssh/config:
      Host *
        UseKeyChain no
- Run this script (referenced in the above-mentioned bug report, and found here) to delete the cached entries:
      # Remove all identities from the running agent
      ssh-add -D -K
      # Delete the cached ssh passphrase rows from each keychain database
      for f in ~/Library/Keychains/*/keychain-2.db; do
        sqlite3 "$f" "delete from genp where agrp = 'com.apple.ssh.passphrases';"
      done
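
To confirm that both steps took effect, the following added example (not part of the original post or the referenced script) counts the remaining rows in the same `genp` table without modifying it and checks that the config disables the keychain for every host. It assumes Python 3 and the file locations used above; the function names are made up for this example.

```python
import glob
import os
import pathlib
import sqlite3

SSH_AGRP = "com.apple.ssh.passphrases"  # access group from the delete statement above


def count_cached_passphrases(db_path):
    """Count genp rows in the ssh passphrase group; opens the database read-only."""
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        query = "select count(*) from genp where agrp = ?"
        return conn.execute(query, (SSH_AGRP,)).fetchone()[0]
    finally:
        conn.close()


def keychain_disabled(config_text):
    """True if the first UseKeychain that applies to every host is 'no'."""
    applies_to_all = True  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        tokens = raw.strip().replace("=", " ", 1).split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0].lower()  # ssh_config keywords are case-insensitive
        if keyword == "host":
            applies_to_all = "*" in tokens[1:]
        elif keyword == "match":
            applies_to_all = False  # simplification: Match blocks are ignored
        elif keyword == "usekeychain" and applies_to_all and len(tokens) > 1:
            return tokens[1].lower() == "no"  # ssh uses the first value it obtains
    return False


if __name__ == "__main__":
    config = os.path.expanduser("~/.ssh/config")
    text = open(config).read() if os.path.exists(config) else ""
    print("UseKeychain no for Host *:", keychain_disabled(text))
    pattern = os.path.expanduser("~/Library/Keychains/*/keychain-2.db")
    for db in glob.glob(pattern):
        try:
            print(db, count_cached_passphrases(db), "cached passphrase entries")
        except sqlite3.Error as exc:
            print(db, "could not be read:", exc)
```

A count of 0 for every database together with `True` for the config check means no passphrase is cached and none will be stored again.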