Mac OS Sierra breaks ssh keys

Mac OS Sierra breaks ssh keys

If you were quick to upgrade to Mac OS Sierra you may have noticed that your servers that previously used public/private key authentication are now asking for a password or rejecting your connections. 

Upon inspecting my ~/.ssh/ folder I discovered that Apple had placed a couple of new files there:

-rwx------@ 1 username staff 1692 Sep 17 2015 TES.pem
-rwx------@ 1 username staff 1464 Oct 9 2015 TES.ppk
-rw-r--r--  1 username staff 106 Oct 6 17:27 config

Curious, I opened the config file and noticed that Apple is helpfully(?) setting my identity to this new key:

IdentityFile "/Users/username/.ssh/TES.pem"

One way to get around this problem you can tell SSH which key to use explicitly like this:

ssh -i /Users/username/.ssh/yourkey_rsa

…but unless you’re using iTerm (which you should be, by the way) where you can bake in the extra commands to your shortcuts, that’s kind of a PITA.

Instead, I just changed the config to use the key I created, commenting out Apple’s stuff in case a quick revert is needed:

# Shipped with Sierra
# IdentityFile "/Users/username/.ssh/TES.pem"

IdentityFile "/Users/username/.ssh/id_rsa"

Immediately after the change went in all previously working shortcuts were restored and connected immediately without asking for a password. No restart of any services was required.

Until the intention of TES.pem becomes clear this is a temporary solution but so far I haven’t experienced any problems connecting to iCloud or the other Apple services.

Would you like to post a comment?

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>