SSH private key password never removed with Keychain/ssh-agent

keychain password ssh

I have an SSH private key with password, and I'm able to add it to KeyChain/ssh-agent and have the password automatically used without having to enter it.
Now I'd like to add one more thing: I want keychain/ssh-agent to forget (or lock) the password after a certain time has elapsed or the screen is locked.

What I'm experiencing (on Mac OS X 10.9.5) is that even if I set my "login" keychain to "lock after sleep", and I wake up the laptop from sleep, and the keychain is still locked, ssh (through ssh-agent?) is still able to retrieve the password without asking me to unlock the keychain.

Note that the password is added to the keychain 'automatically' when I run ssh the first time – I'm not typing ssh-add on the command line, thus I prefer to not use ssh-add -t TIMEOUT explicitly.

Is there any way to make it forget/lock the password?

Best Answer

  • Not sure if you have this setting.

    Set "Keep login keychain unlocked" to off, in Keychain preferences - First Aid tab.