Mac OS X Mojave and SSH-AGENT notifications

For work (this time around), I have been given a new Macbook Pro 12″ running Mac OS X version 10.14.1, also known as Mojave.

I was missing my ssh-agent notifications on this new mac (see links below), so it’s time to replay my recipe wherein I patch Apple’s OpenSSH to integrate support for Notification Center.

Original article:
http://devinteske.com/wp/ssh-agent-notifications-osx/
Update to original:
http://devinteske.com/wp/replay-mac-os-x-and-native-ssh-agent-notifications/
Further update to original:
http://devinteske.com/wp/mac-os-x-el-capitan-and-native-ssh-agent-notifications/

However, things have changed slightly in Mojave, so we’ll explore a new set of instructions to simplify the process.

How to patch Apple’s OpenSSH on Mojave to support native Notification Center in 17 steps (Mojave specific changes highlighted in red):

REMINDER: You can browse Apple’s open source repository at https://opensource.apple.com/

  1. Open Terminal.app
  2. Mac OS X 10.14.1:
    curl -LO https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7.tar.gz
    Mac OS X 10.14.3:
    curl -LO https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5.tar.gz
  3. tar zxf !$:t
  4. INC=`pwd`/!$:r:r/include
  5. curl -LO https://opensource.apple.com/tarballs/OpenSSH/OpenSSH-220.220.4.tar.gz
  6. tar zxf !$:t
  7. cd !$:r:r/openssh
  8. curl -L https://github.com/devinteske/apple/commit/5063bab155cdcd5d160d94aea0a7a09fd9999896.patch -o patch.txt
  9. patch -N < !$
  10. CC=clang CFLAGS="-I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include -I$INC" LDFLAGS="-isysroot / -L/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib" ./configure --with-pam --with-audit=bsm
  11. make TARGETS=ssh-agent
  12. Disable System Integrity Protection using Apple SIP Guide
  13. sudo cp -avf /usr/bin/ssh-agent{,.orig}
    Note: This step requires SIP to be disabled
  14. sudo cp ssh-agent /usr/bin/ssh-agent
    Note: This step requires SIP to be disabled
  15. Optional: Re-enable SIP using Apple SIP Guide
  16. killall ssh-agent
  17. ssh some-host
    Note: If you’re just using ~/.ssh/id_rsa and haven’t added the key to your keychain, no notification will appear and you will have to execute “ssh-add -K ~/.ssh/id_rsa” (without quotes; make sure to use capital-K) to add the key to your keychain.

Now every subsequent ssh request that uses a key stored in your keychain will cause a notification to appear in Apple’s built-in Notification Center. Cheers!