I have an id_rsa file set up so that I can SSH and Git into my servers. The SSH keys are protected by a passphrase. ssh-agent remembers the passphrase so I don’t have to keep entering it, and it can get the passphrase from the Mac keychain so that I don’t have to enter it at all. When I updated to macOS 10.12.2, I was suddenly being prompted for the passphrase again. It seems that macOS 10.12 added a new UseKeychain option for ssh, but this didn’t affect me because it defaulted to on. As of macOS 10.12.2, it defaults to off. There was also a change in macOS 10.12 that meant keys were no longer automatically added to the agent. I don’t think this affected me because mine had already been added and I didn’t start using any new servers.
Anyway, to get back to the behavior I like where auto-login works, I set up my .ssh/config file as:
Host * UseKeychain yes AddKeysToAgent yes
Update (2016-12-22): Apple Technical Note TN2449:
Prior to macOS Sierra,
sshwould present a dialog asking for your passphrase and would offer the option to store it into the keychain. This UI was deprecated some time ago and has been removed.Instead, a new
UseKeychainoption was introduced in macOS Sierra allowing users to specify whether they would like for the passphrase to be stored in the keychain. This option was enabled by default on macOS Sierra, which caused all passphrases to be stored in the keychain.This was not the intended default behavior, so this has been changed in macOS 10.12.2. To store passphrases in the keychain, set this option in your
sshconfiguration file[…]
