I have been switching over ssh keys from rsa to the new ed25519 keys in the recently released openssh package v 6.5.
Creating new keys with
ssh-keygen -t ed25519
is straightforward.
Copying the new public key to the authorized_keys file is also straightforward. However I have been using the ssh-agent at /usr/bin/ssh-agent for some time perfectly successfully with rsa keys which have passphrases.
When trying to add the newly created key with ssh-add it fails:
$ ssh-add
Enter passphrase for /home/mike/.ssh/id_ed25519:
SSH_AGENT_FAILURE
Could not add identity: /home/mike/.ssh/id_ed25519
It would seem that this is possibly due to the new bcrypt format that the encrypted key is stored in not being recognised by ssh-add, so I tested this by removing the passphrase from the private key:
$ cd ~/.ssh
$ ssh-keygen -p -f id_ed25519 -N ''
Enter old passphrase:
Key has comment 'id_ed25519'
Your identification has been saved with the new passphrase
Now the ssh-add command is quite happy - but now the key is stored in plain text and therefore less secure!
Does anyone know of a workaround for this so that the private ssh key can be stored in its bcrypt format, and still be used by the agent?
Edit after further work: I just tried to add back in the passphrase, and now it works - I am puzzled as to what changed but it seems fine now!
i.e. After re-adding the passphrase with
$ ssh-keygen -p -f id_ed25519
Then I ran ssh-add again - this time it accepted it! Sorry for the noise.
Last edited by mcloaked (2014-02-03 13:36:17)
Mike C