Sandboxing denies access to SSH keys.

[SailingYYC]

Upgraded to 4.3 (10871) via Mac AppStore update. This version has sandboxing enabled by default which prevents access to SSH keys stored in ~/.ssh .

Initial connection attempt results in: I/O Error: Connection failed /Users/XXXX/.ssh/id_rsa (Operation not permitted).

-- Console Log --

2013-05-04 1:15:33.000 AM kernel[0]: Sandbox: sandboxd(93005) deny mach-lookup com.apple.coresymbolicationd
2013-05-04 1:15:41.398 AM sandboxd[93005]: ([92668]) Cyberduck(92668) deny file-read-data /Users/XXXX/.ssh/id_rsa

Manually updating the bookmarks and reselecting the SSH key, via the file dialog, permits flawless functionality, until the next time Cyberduck is executed.

[dkocher]

We have to test if r11000 is enough to fix this.

[dkocher]

This will also be an issue for reading and writing keys to the ~/.ssh/known_hosts file.

[dkocher]

Fixed entitlements in r11019.

[dkocher]

#7208 closed as duplicate.

[dkocher]

#7377 closed as duplicate.

[dkocher]

We've determined that one or more temporary entitlement exceptions requested for this app are not appropriate and will not be granted:

com.apple.security.temporary-exception.files.home-relative-path.read-only: /.ssh/

We understand this may prevent the app from being approved for the Mac App Store. We encourage you to investigate other ways of implementing the desired functionality.

Reverted in r13638.

[SailingYYC]

So close! Any insights into an alternative course of action that doesn't involve caching the files in a safe location as this would prove detrimental...

Thanks again for all your great work.

[dkocher]

In r13662. Store security scoped application bookmark for file references outside of sandbox. Change minimum system requirement to 10.7.3 for MAS build.