Apple added a few non-standard interaction between SSH Agent and there own Keychain. This gave a great default of strong public-key cryptography with the convenience of not needing to enter a password all the time. But with macOS Sierra (10.12) the defaults changed1. It took some time for people to figure out what was happening, but finally after 7 months, Bart Busschots explains how to reset the defaults and regain the old balance of security and convenience.

For more information on SSH, I recommend the Bart’s Taming the Terminal parts 29 through 33.

  1. The previous defaults are explained well in Taming the Terminal part 30