Does Mac OS X Cache Private Keys for SSH?

Question

I have SSH key-based authentication setup to connect to a remote server from my Macbook Air. The private key was originally stored in ~/.ssh/id_rsa, but I have since moved that file to a secure external HD. I deleted the file from the ~/.ssh directory as well (in theory, no one would be able to connect without the private key on that external HD).

However, when I try to connect to my remote host via ssh (ssh user@12.33.539.295), it happily connects (without the external w/ the keyfile plugged in). It does say "last logged in at" at the prompt, so is my Mac caching the keyfile somewhere?

score 0 · Accepted Answer · answered May 23 '11 at 06:43

0

Yes. Your key was loaded into your ssh-agent when you first used it (if it has a passphrase a dialog box was displayed.) If you log out the agent will stop.

answered May 23 '11 at 06:43

toppledwagon

4,245
25
15

and how do i remove those? – wick May 05 '22 at 17:53
`ssh-add -D` will remove all keys from your agent. See the man page for more info. – toppledwagon May 06 '22 at 20:46

score 0 · Answer 2 · answered Dec 12 '14 at 20:53

0

Per https://help.github.com/articles/working-with-ssh-key-passphrases/#platform-mac it seems that Mac OSX caches the key in its own keychain. This in turn becomes an alternate data-source for ssh-agent.

answered Dec 12 '14 at 20:53

MarkHu

121
4

Does Mac OS X Cache Private Keys for SSH?

2 Answers2