Upgrading OpenSSH on macOS

macOS ships with OpenSSH 8.1, but some newer features require 8.2 or higher

Featured image for Upgrading OpenSSH on macOS

I wanted to use my YubiKey for SSH authentication, however, to implement FIDO2 credential support, I needed OpenSSH 8.2 or newer. Unfortunately, macOS Big Sur ships with OpenSSH 8.1.

To solve this problem, I used Homebrew to install a newer version of OpenSSH, version 9.2 at the time of writing: brew install openssh. After the installation completed, I disabled macOS' default ssh-agent:

launchctl disable user/$UID/com.openssh.ssh-agent

Next, I added my own launch agent at ~/Library/LaunchAgents/com.hkamran.ssh_agent.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

        <string>/usr/local/bin/ssh-agent -D -a ~/.ssh/agent</string>


The -D option passed to ssh-agent prevents it from forking, and the -a ~/.ssh/agent tells ssh-agent to bind to ~/.ssh/agent.

I also added the following line to my .zshrc file, which ensures that the bind address is set to ~/.ssh/agent.


Finally, either open a new shell (new tab, new window, etc.) or type exec $SHELL which relaunches the shell. Run ssh -V or which ssh to check that you are using the new version from Homebrew.


If you'd like to read about how to use FIDO2 SSH keys, I've written a companion article on the topic.


If you have any questions or need any help, feel free to contact me on Twitter or Mastodon.

If you have any improvements to any of my articles or notes, please submit a pull request.

Thank you for reading!