Choosing the encryption algorithm used by OSX ssh-keygen

ssh-keygen openssl ssh-keys

I have several users that use SmartCVS on OSX to interact with our CVS repository. We use the cvs :ext: (SSH2) method to access the repository, which is stored on a remote linux system. We use ssh key authentication, and require that users encrypt their private keys with a passphrase.

The version of ssh-keygen that ships with OSX uses AES-128-CBC to encrypt private keys, and apparently whatever ssh library SmartCVS uses doesn't support decrypting this cipher, as it throws an error. If I generate a key on Windows using PuTTYgen and move that key over to OSX, things work fine. PuTTYgen (and most versions of ssh-keygen on linux) use the DES-EDE3-CBC cipher, which SmartCVS is able to decrypt without issue.

So, my question is: is there a way to tell ssh-keygen which cipher to use when encrypting the private key? The ssh-keygen(1) man page on OSX doesn't say anything about being able to set the cipher type, but I'm hoping there may be some other way to convert to another cipher type after generation.


I am not sure about how to get ssh-keygen to create a key using a specific encyprption algorithm.

You could generate your key using OpenSSL directly.

# create 1024 bit rsa and encrypt with des3 
#    make sure you set your umask or chmod this so that it is 0600, 
#    or else ssh will refuse to use it.
openssl genrsa -des3 -out .ssh/id_rsa 1024
# export an ssh public key
ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub

You could also convert the cipher of an existing key after the fact using OpenSSL.

openssl rsa -in id_rsa -out newkey_id_rsa -des3

See: genrsa(1), rsa(1), and ssh-keygen(1) for a list of the various options.

Related

how to add a REverse PTR Record on Amazon Route 53?
No apache MPM package installed error
lost connection after STARTTLS: Postfix
Automatically run a command every time a file is changed
How to configure DNS server to forward queries about particular domain AND all of its subdomains
Solution for Reverse Proxying onto URLs that are not amenable to being relocated to a subdirectory
Installing MSI via Group Policy in a Fully Unattended Way
Serve different files for specific user agents using nginx
Tomcat Excessive Memory Consumption
Monitor the shell activity of a user on your Unix system?
Remote Desktop: multiple users viewing same desktop session
How to port Apache rewrite rules to cherokee?