Cannot unlock password protected SSH key in OS X Mavericks

Apparently, the private key I was using on my machine was an old one. My key did not contain the encryption information added to the private key file if I generate a new one:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-...

To solve the problem, I decrypted the key with openssl:

$ cd ~/.ssh
$ cp id_rsa id_rsa.bck
$ openssl rsa -in id_rsa -out id_rsa

...and then re-encrypted it:

$ openssl rsa -in id_rsa -aes256 -out id_rsa
$ chmod 0600 id_rsa

And just in case, regenerate the public key as well:

$ ssh-keygen -y -f id_rsa > id_rsa.pub

I had the same problem. I solved it by moving .ssh/authorized_keys2 to .ssh/authorized_keys.

The file /etc/sshd_config explicitly contains these lines:

\# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
\# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

This is a change from previous macosx version?

Using brew openssl and openssh fixes the PCKS#8 issue on Mavericks.

brew update
brew install openssl
brew link openssl --force
brew install openssh

# confirm correct bins are being used
# both should be located in /usr/local/bin
which openssl
which openssh

# add key back to keychain
ssh-add ~/.ssh/id_rsa

I'm not sure if force linking openssl breaks anything on Mavricks. So far, I haven't noticed any issues.

Same problem here, my keys show the same behaviour.

I tracked the problem back to this blog post. I modified my ssh-keys the way it was described in this artice to increase security and it worked unter Mountain Lion. http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html

I assume that Apple changed somthing with openssh and the "new" version is not capable of reading the newer PKCS#8 format.

My Mavericks OpenSSH Version: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

I have no other Mac so I can't compare it to the Mountain Lion version.