I have SSH key-based authentication setup to connect to a remote server from my Macbook Air. The private key was originally stored in ~/.ssh/id_rsa, but I have since moved that file to a secure external HD. I deleted the file from the ~/.ssh directory as well (in theory, no one would be able to connect without the private key on that external HD).
However, when I try to connect to my remote host via ssh (ssh [email protected]), it happily connects (without the external w/ the keyfile plugged in). It does say "last logged in at" at the prompt, so is my Mac caching the keyfile somewhere?
Yes. Your key was loaded into your ssh-agent when you first used it (if it has a passphrase a dialog box was displayed.) If you log out the agent will stop.
Per https://help.github.com/articles/working-with-ssh-key-passphrases/#platform-mac it seems that Mac OSX caches the key in its own keychain. This in turn becomes an alternate data-source for ssh-agent.