Ok. I figured out what the problem was. On OS X there's a ~/.MacOSX/environment.plist file which contains environment variables exported to all programs. That contained a 6-year-old SSH_AUTH_SOCK path added by a third party program. Removing that let the real path through so now ssh-add correctly connects to ssh-agent and with that I was able to figure out that the system-launched ssh-agent did *not* have any identities loaded.
So it turns out, ssh-agent is available on demand, but when it launches it only loads identities automatically if they've previously been stored in the Keychain by a call to `ssh-add -K`. While ssh-agent doesn't automatically grab the ones at ~/.ssh/id_xxx, the ssh command does and I was mistakenly thinking ssh was relying on ssh-agent to grab them.
After figuring all that out and playing with a bunch of scenarios, I don't think libssh2 needs any Keychain code for any scenario since ssh-add and ssh-agent handle it.
-- Seth Willits _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2012-05-05