Introduction to SSHChain

The SSH package provided with Mac OS X includes a utility called ssh-agent. The purpose of ssh-agent is to hold your SSH identities in memory, so that you don't have to repeatedly enter your passphrase for every SSH-related command. You run ssh-agent once, enter your passphrase(s) once, and it takes care of the rest.

Unfortunately, the usual provisions for starting ssh-agent are designed for X11-based windowing systems, and don't integrate too well with Mac OS X. (In particular, they assume that you have a root session which can run user-specified programs, and from which all other processes will inherit their environment. There is also the problem of how to get your passphrases to ssh-agent.)

With the SSHChain utility, you can add your SSH identities and passphrases to the Apple Keychain, and have ssh-agent load automatically each time you log in. The agent will then be available to whatever processes you launch. SSHChain will also terminate the agent when you log out, so that unused agents are not left running.

Specifically, SSHChain does the following:

  1. Launches ssh-agent.
  2. Retrieves the names of your SSH identity files, and their passphrases, from the Apple Keychain.
  3. Uses ssh-add to add each identity to the agent.
  4. Defines the standard SSH_AUTH_SOCK environment variable in a shell file, which can be sourced by your shell startup files. Alternatively, you can choose a fixed socket path, which also makes the agent available to applications started from the Finder.
  5. Waits in the background until you log out, at which time it terminates the ssh-agent.
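
The shell-file handoff in step 4, as an added example that is not SSHChain's own code: it writes the agent's variables from `ssh-agent -s` output to an owner-only file, and checks ownership and mode before a startup file sources it. The function names, the env file path and the sample agent output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not SSHChain's code. Names and paths here are hypothetical.

# Constructed sample of what `ssh-agent -s` prints on startup.
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;'

# write_agent_env AGENT_OUTPUT ENV_FILE   (ENV_FILE: absolute path)
# Extract the socket path and PID and write them to an owner-only file.
write_agent_env() {
    env_file=$2
    sock=$(printf '%s\n' "$1" | sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p')
    pid=$(printf '%s\n' "$1" | sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    # The file will be sourced later, so accept only a plain absolute path:
    # no quotes, spaces, or shell metacharacters.
    case $sock in
        /*) ;;
        *) return 1 ;;
    esac
    case $sock in
        *[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    (
        umask 077            # new file is created with mode 0600
        set -C               # noclobber: creation fails if the path reappears
        rm -f "$env_file"
        printf 'SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK\nSSH_AGENT_PID=%s; export SSH_AGENT_PID\n' \
            "$sock" "$pid" > "$env_file"
    )
}

# load_agent_env ENV_FILE   (ENV_FILE: absolute path)
# Call from a shell startup file. Sources the file only if it is a regular
# file, owned by the current user, with no group/other permission bits.
load_agent_env() {
    env_file=$1
    [ -f "$env_file" ] && [ ! -h "$env_file" ] || return 1
    meta=$(ls -ldn "$env_file" | awk '{print $1, $3}')
    [ "${meta#* }" = "$(id -u)" ] || return 1
    case ${meta% *} in
        -r[w-]-------*) ;;
        *) return 1 ;;
    esac
    . "$env_file"
}
```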