SSH config: add IgnoreUnknown UseKeychain during onboarding #74
Description
Problem
auths init writes UseKeychain yes to ~/.ssh/config under a Host * block. This is a macOS-specific OpenSSH option. If the user's SSH version doesn't recognize it, all git+SSH operations fail:
/Users/.../.ssh/config: line 7: Bad configuration option: usekeychain
/Users/.../.ssh/config: terminating, 1 bad configuration options
fatal: Could not read from remote repository.
Fix
1. auths init (onboarding)
When writing the SSH config, prepend IgnoreUnknown UseKeychain on the same Host * block:
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519_...
This tells SSH to silently skip UseKeychain if unsupported, rather than failing.
2. auths doctor (diagnostics)
auths doctor should check for this condition:
- If
~/.ssh/configcontainsUseKeychainwithout a precedingIgnoreUnknown UseKeychain, flag it as a warning - Print the location of the SSH config and suggest adding the directive
- Users who break their auths setup will likely reach for
auths doctorfirst, so this is an important diagnostic to surface
Context
Discovered while dogfooding the @auths-dev/verify widget. After wiping and re-creating an identity, git push failed due to this SSH config issue.