kousu
commented
5 years ago For anyone who is stumped by this and needs a workaround until a patch gets written, you can use with any private key.
ssh-keygen -p -m PEM -f ~/.ssh/id_rsabut beware this:
- will ask you to change the password on the key (you can just reset it to the same one)
- is in-place and therefore destructive ; in theory you can change back to the other format after but be careful.
OpenSSH has a new format. Its spec is here. It can encode any type of key openssh supports, but in
https://github.com/bcoin-org/bcrypto/blob/934f5ea45a0bc0926b9e7916f68bfeb2ea4881e3/lib/ssh.js#L520-L522
and in
https://github.com/bcoin-org/bcrypto/blob/934f5ea45a0bc0926b9e7916f68bfeb2ea4881e3/lib/ssh.js#L610-L612
which calls
https://github.com/bcoin-org/bcrypto/blob/934f5ea45a0bc0926b9e7916f68bfeb2ea4881e3/lib/ssh.js#L423-L424
bcryptois silently assuming that "OPENSSH PRIVATE KEY" <=> ED25519 key. And this isn't true. In fact, recentssh-keygennow puts all keys in "OPENSSH PRIVATE KEY" format, regardless of the type of key. I've tested on Mac OS Mojave (OpenSSH_7.9p1, LibreSSL 2.7.3) and ArchLinux (OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018) and been bitten by this. On the other hand, Debian stable still uses OpenSSH_7.4p1 Debian-10+deb9u5, OpenSSL 1.0.2r 26 Feb 2019, and that defaults RSA keys to the old style, which is compatible withbcrypto.