Using PKCS#8 encrypted private keys w/ ssh-agent

ssh ssh-agent

Unsetting SSH_AUTH_SOCK is a workaround, but doing so disables ssh-agent, which some people might still want to use.

It seems that ssh-agent can't sign anything with the private key because it doesn't properly decrypt it when automatically adding this key to the keyring.

If one generates the standard id_rsa identity file in ~/.ssh, or stores a private key along with its public key in ~/.ssh, ssh-agent automatically adds this to its keyring. But when doing so, it doesn't prompt for a passphrase, it doesn't ever decrypt the key.

The solution is to add the key manually. Remove all pkcs#8 encrypted keys from the ssh-agent using ssh-add -D and move private+public key files out of ~/.ssh. reboot or ssh-agent -k, then move back your pkcs#8 encrypted PRIVATE key to ~/.ssh. Using ssh-add, one is prompted for the decryption passphrase. ssh-agent can now access the unencrypted private key, and therefore sign stuff with it.

(via Damon Dransfeld)

Related

Can we manually throttle the bandwidth of a network interface?
How do I customize unity on Ubuntu 13.04?
Change the background color of command line in zsh when I change the prompt theme
what is the purpose and role of rules file in debian packaging
vsftpd not starting
Envy 4500 printer not scanning
How to make my application accept folders from Unity Launcher?
How do I create an encrypted growable disk image?
Can't add any PPA's after reinstalling Ubuntu 13.10
Does Kingsoft Office Official PPA exist?
Usb boot device totally unable to be formatted
Updating variables in my.cnf