Skip to content

Instantly share code, notes, and snippets.

@rjocoleman

rjocoleman/README.md

Created July 29, 2021 12:19
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rjocoleman/c6800bee1331bac694112874b4b30662 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rjocoleman/c6800bee1331bac694112874b4b30662 to your computer and use it in GitHub Desktop.
Download ZIP
Stomp on OpenSSH macOS
Raw
README.md

What?

Replace the macOS ssh-agent with Homebrews.

Why?

For greater control e.g. supporting security keys.

How?

Don't actually replace ssh-agent because it's really deep in there, SIP and other things are preventing us. Instead, leave it alone and steal the $SSH_AUTH_SOCK. Apple's ssh-agent has -l is an undocumented patch for launchd support via listeners __APPLE_LAUNCHD__. OpenSSH-Portable that we get from Homebrew doesn't have that feature. So we bind to a specific socket and start the ssh-agent at load (this may have issues with sleep, hibernate etc lets find out). Our second launch agent symlinks that socket to the current value of $SSH_AUTH_SOCK (which is created by the launch agent for the real ssh-agent and is different each time...

How to do it?

  1. Install Homebrew
  2. Install OpenSSH via homebrew
  3. Create ~/Library/LaunchAgents/com.openssh.ssh-agent-local.plist with this content
  4. Create ~/Library/LaunchAgents/link-ssh-auth-sock.plist with this content
  5. launchctl load -F ~/Library/LaunchAgents/com.openssh.ssh-agent-local.plist
  6. launchctl load -F ~/Library/LaunchAgents/link-ssh-auth-sock.plist
  7. log out or something.

YMMV no warrenty.

Raw
com.openssh.ssh-agent-local.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.openssh.ssh-agent-local</string>
<key>ProgramArguments</key>
<array>
<string>/opt/homebrew/bin/ssh-agent</string>
<string>-a</string>
<string>/opt/homebrew/var/run/ssh-agent-local.sock</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment