Mac OS Sierra breaks ssh keys

If you were quick to upgrade to Mac OS Sierra you may have noticed that your servers that previously used public/private key authentication are now asking for a password or rejecting your connections. 

Upon inspecting my ~/.ssh/ folder I discovered that Apple had placed a couple of new files there:

-rwx------@ 1 username staff 1692 Sep 17 2015 TES.pem
-rwx------@ 1 username staff 1464 Oct 9 2015 TES.ppk
-rw-r--r--  1 username staff 106 Oct 6 17:27 config

Curious, I opened the config file and noticed that Apple is helpfully(?) setting my identity to this new key:

IdentityFile "/Users/username/.ssh/TES.pem"

One way to get around this problem is to tell SSH which key to use explicitly, like this:

ssh -i /Users/username/.ssh/yourkey_rsa user@yourserver.com

…but unless you’re using iTerm (which you should be, by the way) where you can bake in the extra commands to your shortcuts, that’s kind of a PITA.

Instead, I just changed the config to use the key I created, commenting out Apple’s stuff in case a quick revert is needed:

# Shipped with Sierra
# IdentityFile "/Users/username/.ssh/TES.pem"

IdentityFile "/Users/username/.ssh/id_rsa"

Immediately after the change went in, all previously working shortcuts were restored and connected immediately without asking for a password. No restart of any services was required.

Until the intention of TES.pem becomes clear, this is a temporary solution, but so far I haven’t experienced any problems connecting to iCloud or the other Apple services.
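
An IdentityFile line placed before any Host block, like the one in the config above, applies to every connection. The following is an added example (not part of the original post) that lists such lines in an ssh client config; the function name `global_identity_files` is hypothetical, and Match blocks are treated as host-specific for simplicity.

```shell
#!/bin/sh
# Added example: report IdentityFile directives in an ssh client config that
# apply to every host, i.e. those set before any Host/Match block or under
# "Host *". The function name is hypothetical, not part of OpenSSH.

global_identity_files() {
    awk '
        BEGIN { global = 1 }              # lines before any Host/Match are global
        /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)      # drop indentation
            # keyword and argument are separated by whitespace or "="
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)

            if (key == "host")  { global = (val == "*"); next }
            # Simplification (assumption): every Match block is host-specific
            if (key == "match") { global = 0; next }

            if (key == "identityfile" && global) {
                gsub(/^"|"$/, "", val)    # strip surrounding quotes
                print NR ": " val         # config line number and key path
            }
        }
    ' "$1"
}

# Stand-alone use: sh thisfile.sh ~/.ssh/config
if [ "$#" -gt 0 ]; then
    global_identity_files "$1"
fi
```

Any path it prints that you did not add yourself is worth checking before you connect anywhere.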