> You can configure your key so that they require Touch ID (or Watch) authentication before they're accessed.
That, to me, would be a key thing to want to have: something that tells me "hey, Terminal just wanted to access your Github key. Is that okay?"
If I'm git pushing, that's fine. If I just connected to a random server... that's not okay. What is that trying to do? Deny.
2. You can control which private keys are used for which remote server using .ssh/config. You can look up the man page for more.
3. There is a risk in using ssh-agent key forwarding: while you are connected to a server with key forwarding turned on, a super user can sudo to your user and log in to a second host. This risk can be minimized by only enabling key agent forwarding to hosts you trust and limiting the keys available to each host.
Do the employees at Apple use a different system altogether? Because the built-in one doesn't seem very secure. Or maybe I am using it wrong, who knows.
In a similar vein, is there an exhaustive manual for macOS? It bugs me that Apple machines cost a small fortune, the OS is full of nifty features, but there is no non-superficial manual shipped with it.
That's NOT true. While giving out less information to untrusted parties is obviously better than more, the private key itself is not transmitted directly to the server. This means that connecting to an attacker's SSH server doesn't give them a copy of your private key, so they can't then connect to your SSH servers.
One command off the top of my head that doesn’t really follow this is the undocumented/internal `airport` command. In that case it has two different help messages depending on how it’s called, and is also tucked away in a framework as well.
One is unaware of when, how, and for what purposes that key is used - as forwarding the key means it's available for use by any user process (as the mechanism behind the forwarding is user-owned) or root (as root can see everything).
Touch-to-authorize helps mitigate that.
If one sees the prompt come up when they've just performed a git pull, it's expected and likely non-malicious. Allow.
If it pops up after having run "ls" or "randomly" in the course of a session - what's going on? Deny.
Touch to auth means the agent (or hardware token) asks the user to confirm they are expecting an authentication request to come in.
This allows you to forward your agent to a host and have slightly more protection against malicious processes on the host using your key.
```
Host *
    IdentitiesOnly yes
```
If you're using -A to log into other machines behind the SSH server (really, the only reason one would use -A), there are now better mechanisms to do that. ProxyJump if the server supports it; port forwarding or ProxyCommand if it doesn't.
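Putting the suggestions in this thread together (per-host keys via .ssh/config, IdentitiesOnly, and ProxyJump in place of -A), as an added example that is not part of any comment above; the hostnames, usernames and key paths are made-up placeholders:

```sshconfig
# Added example ~/.ssh/config, not taken from any commenter. Hostnames,
# user names and key paths below are made-up placeholders.

# Defaults for every host: offer only the key named for that host, never
# forward the agent, and don't silently load keys into the agent. A
# hostile server then sees at most one public key and gets no agent socket.
Host *
    IdentitiesOnly yes
    ForwardAgent no
    AddKeysToAgent no

# GitHub gets its own key; no other key is ever offered to it.
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github

# The bastion has its own key as well.
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519_bastion

# Internal host reached through the bastion with ProxyJump instead of -A.
# The session to "internal" is tunneled end-to-end through the bastion, so
# the bastion never receives a private key or an agent socket; "internal"
# is authenticated with its own key straight from the local machine.
Host internal
    HostName 10.0.0.15
    User alice
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519_internal
```

`ssh -G internal` prints the effective options for a host, which is a quick way to confirm that `forwardagent no`, `identitiesonly yes` and `proxyjump bastion` are what will actually be used.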