I updated to macOS Sierra 10.12 (GM) tonight and surprisingly everything seemed to work without any issues … at least so far. One thing that did come up, but was easily remedied, was that all of my SSH keys stopped working.
ssh git@github.com
The above command prompted for a password (assuming you use GitHub), which is should not do if SSH keys are set up properly.
Assuming your SSH keys are RSA-based, I have a quick solution:
cd ~/.ssh
This will get us into our user SSH folder
ssh-add -l
This lists all keys that the SSH agent knows about. After upgrading, this returned zero keys! Note: In reality ssh-add is session-based, and so each time you log in this command will show zero results (see below).
ssh-add -K ~/.ssh/[your-private-ssh-key-name]
You’ll be asked for the password (if one is set) for this private key
-K tells ssh-add to save the key into your Keychain, so that on subsequent logins, even if ssh-add -l shows nothing, ssh will also look in your Keychain to see if the key is save there.
[your-private-ssh-key-name] is likely id_rsa, but it could be others as well
Repeat step 3 as needed
ssh-add -l
You should now see you SSH key(s) listed
That worked for me, though oddly I had to do this process twice as the first time I made it to step four, then exited Terminal, none of my applications using SSH worked, I opened Terminal again and found that nothing was listed when I ran the ssh-add list command.
UPDATE:
This doesn’t seem to do what I thought it should, namely, upon reboot I had to repeat this process again. I have since added the following steps:
cd ~/.ssh/
sudo vim config
I then added this line to my SSH config file:
IdentityFile ~/.ssh/[your-private-ssh-key-name]
I saved the config file, and now my SSH keys work as expected.
UPDATE 2 (19 Dec 2016):
With Apple’s update to 10.12.2 I found myself having SSH issues yet again. A bit of searching pointed me to the updated man pages as seen via Terminal:
man ssh_config
AddKeysToAgent
Specifies whether keys should be automatically added to a running ssh-agent(1). If this option is set to ``yes'' and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by ssh-add(1). If this option is set to ``ask'', ssh will require confirmation using the SSH_ASKPASS program before adding a key (see ssh-add(1) for details). If this option is set to ``confirm'', each use of the key must be confirmed, as if the -c option was specified to ssh-add(1). If this option is set to ``no'', no keys are added to the agent. The argument must be ``yes'', ``confirm'', ``ask'', or ``no''. The default is ``no''.
UseKeychain
On macOS, specifies whether the system should search for passphrases in the user's keychain when attempting to use a particular key. When the passphrase is provided by the user, this option also specifies whether the passphrase should be stored into the keychain once it has been verified to be correct. The argument must be ``yes'' or ``no''. The default is ``no''.
I eventually landed on the following inside my config file (~/.ssh/config), erasing everything I had added in the first UPDATE.
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/[your-private-ssh-key-name]
Afterwards I restarted to flush anything in SSH and noticed that everything was working correctly again. At this point, it’s probably a good idea just to start with this, assuming you’re running at least macOS 10.12.2.
Note: The above example I actually repeated three times since I have more than one SSH key that I need to use. Just copy and paste, being sure to update your private key filename.