Replace the macOS `ssh-agent` with Homebrew's.
For greater control, e.g. supporting security keys.
Don't actually replace `ssh-agent`, because it's really deep in there; SIP and other things are preventing us.
Instead, leave it alone and steal the `$SSH_AUTH_SOCK`.
Apple's `ssh-agent` has `-l`, which is an undocumented patch for launchd support via listeners `__APPLE_LAUNCHD__`.
OpenSSH-Portable that we get from Homebrew doesn't have that feature. So we bind to a specific socket and start the `ssh-agent` at load (this may have issues with sleep, hibernate etc., let's find out).
Our second launch agent symlinks that socket to the current value of `$SSH_AUTH_SOCK` (which is created by the launch agent for the real ssh-agent and is different each time...)
- Install Homebrew
- Install OpenSSH via Homebrew
- Create `~/Library/LaunchAgents/com.openssh.ssh-agent-local.plist` with this content
- Create `~/Library/LaunchAgents/link-ssh-auth-sock.plist` with this content
- `launchctl load -F ~/Library/LaunchAgents/com.openssh.ssh-agent-local.plist`
- `launchctl load -F ~/Library/LaunchAgents/link-ssh-auth-sock.plist`
- Log out or something.
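The linking step that the second launch agent performs, written out as an added example (not the plist content from this page). `AGENT_SOCK` and its default path are assumptions: set it to the socket your first launch agent binds the Homebrew `ssh-agent` to. The script refuses to link anything that is not a socket owned by the current user.

```shell
#!/bin/sh
# Added example. AGENT_SOCK is an assumed path: use whatever socket your
# first launch agent binds the Homebrew ssh-agent to (ssh-agent -a <path>).
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"

# True only if $1 is a Unix socket owned by the current user, so we never
# point SSH clients at a regular file or at a socket someone else created.
is_own_socket() {
    [ -S "$1" ] && [ -O "$1" ]
}

# True if $2 is a symlink whose target is exactly $1.
points_at() {
    [ -L "$2" ] && [ "$(readlink "$2")" = "$1" ]
}

# Replace the launchd-provided path ($2) with a symlink to our socket ($1).
# Returns 2 if $2 is empty, 3 if $1 fails the socket check.
link_auth_sock() {
    target=$1
    link=$2
    if [ -z "$link" ]; then
        echo "SSH_AUTH_SOCK is empty; nothing to link" >&2
        return 2
    fi
    if ! is_own_socket "$target"; then
        echo "$target: not a socket owned by this user" >&2
        return 3
    fi
    points_at "$target" "$link" && return 0   # already linked
    ln -sfn "$target" "$link"
}

# Only act when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    link_auth_sock "$AGENT_SOCK" "${SSH_AUTH_SOCK:-}" || exit $?
    echo "SSH_AUTH_SOCK -> $(readlink "$SSH_AUTH_SOCK")"
fi
```

Run it with `--apply` after login; `ssh-add -l` should then talk to the Homebrew agent through the unchanged `$SSH_AUTH_SOCK` path.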
YMMV, no warranty.