Page History

...

When you access an encrypted ssh private key in Mac OS X 10.11 “El Capitan” and earlier, Mac OS X prompts you to save its passphrase (encrypted) in the Apple keychain. From then on your private key will be automatically decrypted and available on request. When this is working, "ssh-add -lL" should show at least one key available on your Mac or Linux system. After you "ssh -A" to another host with agent forwarding, "ssh-add -lL" should show the same key(s) available as on your local desktop.

...

You should be able to manually add your private key passphrase to the Apple Keychain with "ssh-add -K --apple-use-keychain ~/.ssh/id_rsa" (, assuming ~/.ssh/id_rsa is your private key )on a current version of macOS; for older versions you may need  "ssh-add -K ~/.ssh/id_rsa" instead. You only need to do this once per key.

...

An ssh agent loads (encrypted) keys from disk, decrypts them in memory, and makes the keys available to ssh clients such as ssh, sftp, and scp. OpenSSH’s ssh-agent caches keys, and ssh-add controls ssh-agent. To load keys from disk, use a command such as ssh-add -t 540 private-key, which will read private-key, prompt for the passphrase to decrypt it, make the key available to ssh client programs for 9 hours, and then clear it from memory.  ssh"ssh-add -l lists L" lists all loaded keys.

ssh-agent is intended to run as a parent process, spawning shells or an X11 session as child processes. The children automatically inherit access to the parent agent via environment variables. This is inconvenient for configurations without a single parent process for each user. ssh ‘keychains’ such as Gentoo keychain work by sharing a single ssh-agent across multiple processes.

...

For Mac: First add your private key passphrase to the Apple Keychain with "ssh-add -K --apple-use-keychain ~/.ssh/id_rsa". Then enable authentication forwarding to xbio by adding the following to ~/.ssh/config on your Mac:

...