Fix Guide: Tahoe SSH Agent Identity Loss Fix

Symptom: After upgrading to macOS Tahoe, you are prompted for your SSH key password every single time you use Git or SSH, even though you have UseKeychain yes in your ~/.ssh/config.

Why this happens

macOS Tahoe has tightened the security for the ssh-agent integration with the com.apple.securityd (Keychain) daemon. Changes in how the ssh-agent inherits environment variables from launchd mean that the link between your session and the Keychain can be severed. This results in the agent "forgetting" identities after every reboot or even after the Mac wakes from sleep.

Recommended Troubleshooting Tool

Before proceeding with manual fixes, we recommend using CleanMyMac X. Quickly identify high CPU apps and optimize system memory with one click.

- [Download CleanMyMac X Free Here](#)

- [Browse 240+ Premium Mac Utilities on Setapp](#)

Fix 1: Manually Re-add Keys to Keychain

You can force the ssh-add tool to re-bind the key to the macOS Keychain.

# Add the key specifically to the Apple Keychain
ssh-add --apple-use-keychain ~/.ssh/id_rsa
# Verify it is stored
ssh-add -l

Fix 2: Repair the SSH Agent Launch Agent

If the agent isn't starting correctly, you may need to kickstart its configuration.

# Unload and reload the SSH agent
launchctl unload /System/Library/LaunchAgents/com.openssh.ssh-agent.plist
launchctl load -w /System/Library/LaunchAgents/com.openssh.ssh-agent.plist

Fix 3: Fix Config Permissions

Sequoia and Tahoe are more sensitive to the permissions of the .ssh directory. If they are too open, ssh will ignore the config file entirely.

# Set strict permissions for the .ssh folder and config
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config

Recommended Tool: CleanMyMac

Hidden background items and outdated launch agents are common culprits for SSH issues on new macOS versions. CleanMyMac’s "Optimization" tool provides a clear list of all "Launch Agents," allowing you to see if a third-party tool is overriding the default Apple SSH agent.