Nix/direnv dev shell overrides macOS ssh; git pull fails on UseKeychain in ~/.ssh/config #149

@scott-sixfeetup

🐛 Describe the bug

When entering the repo with direnv (flake dev shell), PATH resolves ssh to a Nix-provided OpenSSH binary (e.g. /nix/store/.../bin/ssh). That ssh doesn’t accept macOS-specific ~/.ssh/config options like UseKeychain, so git pull fails with “Bad configuration option: usekeychain”. If direnv is disabled (so /usr/bin/ssh is used), git pull succeeds.

💭 Expected Behavior

git pull should work inside the repo dev shell even when a user’s ~/.ssh/config includes macOS options like UseKeychain.

🔁 Steps To Reproduce

  1. cd my-scaf-fullstack-app (direnv loads flake shell)
  2. Run git pull
  3. Observe failure
  4. Run direnv disallow
  5. Run git pull again and observe it succeeds

🌎 Environments

  • Sandbox
  • Staging
  • Production

📝 Additional context

  • In dev shell:
    - which ssh => /nix/store/...-openssh-10.2p1/bin/ssh
    - ssh -V => OpenSSH_10.2p1, OpenSSL 3.6.0 1 Oct 2025
  • After direnv disallow:
    - which ssh => /usr/bin/ssh
    - ssh -V => OpenSSH_10.0p2, LibreSSL 3.3.6
    - git pull => Already up to date.

📜 Relevant log output

warning: unhandled Platform key FamilyDisplayName
  /Users/scott/.ssh/config: line 3: Bad configuration option: usekeychain
  /Users/scott/.ssh/config: terminating, 1 bad configuration options
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

📸 Screenshots

No response
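
A pre-flight check for the failure reported above, added here as an example and not part of the issue or the project: it flags `UseKeychain` lines in an ssh config that no earlier `IgnoreUnknown` directive covers, which is the condition under which a non-Apple OpenSSH build stops with "Bad configuration option". The function names, the sample config and the conservative scoping rule described in the comments are assumptions.

```shell
# Added example, not from the issue: sample_config and unguarded_usekeychain
# are hypothetical names.

# Constructed sample shaped like the report (UseKeychain on line 3).
sample_config() {
    cat <<'EOF'
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519
EOF
}

# Print "LINE: directive" for each UseKeychain that no earlier IgnoreUnknown
# covers; return 1 if any is found. Reads the named file(s), or stdin.
# Assumption (conservative): an IgnoreUnknown inside a block other than
# "Host *" is trusted only until the next Host/Match line.
unguarded_usekeychain() {
    awk '
    # True if an IgnoreUnknown pattern-list (globs) matches "usekeychain".
    function covers(list,    n, i, p, parts) {
        n = split(tolower(list), parts, /[ \t,]+/)
        for (i = 1; i <= n; i++) {
            p = parts[i]
            if (p == "" || p ~ /^!/) continue   # negations add no coverage
            gsub(/\*/, ".*", p); gsub(/\?/, ".", p)
            if ("usekeychain" ~ ("^" p "$")) return 1
        }
        return 0
    }
    BEGIN { global = 1 }                        # before any Host/Match line
    {
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        key = tolower(line); sub(/[ \t=].*$/, "", key)          # keyword
        args = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", args)   # its arguments
        if (key == "host" || key == "match") {
            global = (key == "host" && args == "*")
            block_guard = 0
        } else if (key == "ignoreunknown" && covers(args)) {
            if (global) global_guard = 1; else block_guard = 1
        } else if (key == "usekeychain" && !global_guard && !block_guard) {
            printf "%d: %s\n", NR, line
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$@"
}
```

Run it as `unguarded_usekeychain ~/.ssh/config`; a non-zero exit with a listed line means a Nix-provided ssh on PATH would reject that file.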