SSH Issues on macOS Sierra and Higher

The following lets you once again use ssh on macOS 10.12+ without having to enter a password or passphrase every time.

# Normal Command

# Command for Debugging
ssh -vvv

SSH Key Creation

# Command
ssh-keygen -t ed25519 -o -a 100

# Output
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/crstin/.ssh/id_ed25519):
Created directory '/Users/crstin/.ssh'.

Use a secure passphrase like 6R9vcrxn1z17gDn2pUSoXUSHSa2UIK and don't forget to "remember" it.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/crstin/.ssh/id_ed25519.
Your public key has been saved in /Users/crstin/.ssh/

Now there are two files, id_ed25519 &, in ~/.ssh

The key fingerprint is:
SHA256:oobb381Rk0qqKFRAhZs2b3yPztEjCUYYBAB8Pb7yQ/E crstin@machine.local
The key's randomart image is:
+--[ED25519 256]--+
|B++oo            |
| .o+ o           |
|  o+o .          |
|  =..o       .   |
| . =o = S . +    |
|  .++=.E o o .   |
| ...*.+o+ o      |
|  .+ =.=.+ .     |
|  ..oo* . o      |

Contents of ~/.ssh



Host *
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlPersist 2h
  ServerAliveInterval 5
  Compression yes
  UseKeychain yes
  AddKeysToAgent yes

UseKeychain yes is needed on macOS 10.12+.

Store your public key on the server inside ~/.ssh/authorized_keys.


(If you don't have it: brew install ssh-copy-id)

Now you're good to go.

sshd_config on the server

Port 64032
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation sandbox
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PrintMotd no
MaxStartups 10:30:60
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
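
The three authentication settings above (PermitRootLogin, PasswordAuthentication, ChallengeResponseAuthentication) can be checked mechanically. The script below is an added example, not part of the original post; the function names effective_value and audit_sshd_config are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the three
# authentication settings shown above. Function names are hypothetical.
# Limitations: Include files and Match blocks are not followed.

# effective_value FILE KEYWORD: print the first value set for KEYWORD, lowercased.
# sshd keeps the first value it obtains per keyword; keywords are case-insensitive.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" as well
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print PASS/FAIL per setting, return the number of FAILs.
audit_sshd_config() {
    file=$1
    fails=0
    for pair in PermitRootLogin=no PasswordAuthentication=no \
                ChallengeResponseAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key ${got:-unset} (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample, not a real server's file: the second PasswordAuthentication
# line is ignored by sshd because the first value wins.
sample=$(mktemp)
printf '%s\n' 'Port 64032' 'PermitRootLogin no' 'ChallengeResponseAuthentication no' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "audit failed"
rm -f "$sample"
```

On a real server, sshd -T prints the effective configuration and is the authoritative check; this script only reads one file.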

SSH tldr

Secure Shell is a protocol used to securely log onto remote systems.
It can be used for logging or executing commands on a remote server.

- Connect to a remote server:
    ssh username@remote_host

- Connect to a remote server with a specific identity (private key):
    ssh -i path/to/key_file username@remote_host

- Connect to a remote server using a specific port:
    ssh username@remote_host -p 2222

- Run a command on a remote server:
    ssh remote_host command -with -flags

- SSH tunneling: Dynamic port forwarding (SOCKS proxy on localhost:9999):
    ssh -D 9999 -C username@remote_host

- SSH tunneling: Forward a specific port (localhost:9999 to
    ssh -L username@remote_host

- Enable the option to forward the authentication information to the remote machine (see `man ssh_config` for available options):
    ssh -o "ForwardAgent=yes" username@remote_host