Well, I guess there is not a single expert on this out there watching, so I'll wing it. I suppose the first thing I need to do is make this OS X server trust the ADCS root. This involves adding the root certificate to Keychain. I will dig up my notes on this .. there is a bash command to do this .. and post it here.
Sep 26, 2017 Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext September 26, 2017 Swati Khandelwal Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well. Sep 25, 2017 macOS High Sierra now available as a free update macOS High Sierra brings powerful, new core storage, video and graphics technologies to the Mac. Cupertino, California — Apple today announced macOS High Sierra, the latest release of the world’s most advanced desktop operating system, is now available as a free update.
Once that is done, I have to make a choice. Eventually, I would want to replace my self-signed Open Directory server certificate with one issued by my ADCS CA. I have to decide if I should do this before or after I push out a profile to my Mac clients with the ADCS root certificate.
If I do it before, I'm not sure how that will affect the binding to OD. I don't see the OD server certificate installed in my client's Keychain .. I guess it is simply using it as an SSL certificate for in-transit encryption. There doesn't seem to be a trust established for this certificate, so if I replace it with one from ADCS the clients will be in the same situation .. communicating with a server with an untrusted cert. I don't know if the binding somehow made this cert trusted and the change will break that or not.
If I do it after I push out ADCS certs to the clients (via Profile Manager), then the clients would at least trust that new OD server cert, since it can be chained back to the ADCS root.
Source links
Problem
As described in detail on https://openradar.appspot.com/27348363, macOS/OS X till Yosemite used to remember SSH keys added by command ssh-add -K <key>.
Unfortunately this way no longer works. Keys added to the keychain via ssh-add -K are not automatically re-added to the ssh-agent after a reboot. As Apple Developer stated:
Mac Os High Sierra Generate Csr And Export Key In Windows 10
'That’s expected. We re-aligned our behavior with the mainstream OpenSSH in this area.'
Solutions
Solution 1 (recommended)
Apple updated its Technical Notes to indicate that since 10.12.2, macOS includes version 7.3p1 of OpenSSH and its new behaviors.
In ~/.ssh create config file with the following content: Splinter cell conviction cd key generator free code.
Solution 2
After usage of ssh-add -K <key> (it's recommended to use absolute path of keys) call the command ssh-add -A on every startup of macOS.
To automate this, add a .plist with the following content to the path ~/Library/LaunchAgents/:
Alternatives
Create this file with the Lingon app.
Use
curlto download the .plist file to the stated path:
Notes
Universal key generator 2019. If you have issues with ssh-add: illegal option -- K after using the ssh-add -K command, you may use the full path of the command /usr/bin/ssh-add.