If you were quick to upgrade to Mac OS Sierra you may have noticed that your servers that previously used public/private key authentication are now asking for a password or rejecting your connections.
Upon inspecting my ~/.ssh/ folder I discovered that Apple had placed a couple of new files there:
-rwx------@ 1 username staff 1692 Sep 17 2015 TES.pem -rwx------@ 1 username staff 1464 Oct 9 2015 TES.ppk -rw-r--r-- 1 username staff 106 Oct 6 17:27 config
Curious, I opened the config file and noticed that Apple is helpfully(?) setting my identity to this new key:
One way to get around this problem you can tell SSH which key to use explicitly like this:
ssh -i /Users/username/.ssh/yourkey_rsa firstname.lastname@example.org
…but unless you’re using iTerm (which you should be, by the way) where you can bake in the extra commands to your shortcuts, that’s kind of a PITA.
Instead, I just changed the config to use the key I created, commenting out Apple’s stuff in case a quick revert is needed:
# Shipped with Sierra # IdentityFile "/Users/username/.ssh/TES.pem" IdentityFile "/Users/username/.ssh/id_rsa"
Immediately after the change went in all previously working shortcuts were restored and connected immediately without asking for a password. No restart of any services was required.
Until the intention of TES.pem becomes clear this is a temporary solution but so far I haven’t experienced any problems connecting to iCloud or the other Apple services.