After upgrading to Mavericks (Mac OS X 10.9) I found that ssh-add wasn’t working. After investigating I discovered that the SSH shipped with Mavericks has a regression and doesn’t support pkcs8 keys. Mac OS X 10.8’s SSH supported these keys just fine.
Earlier in the year I had read an article about using pkcs8 formatted keys to encrypt your SSH private keys more strongly. I went ahead and did this because 10.8 (and my Linux machines) supported it just fine. 10.9, however, ships with a different SSH. “ssh -V” outputs:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
The previous version did not have “OSSLShim”, but rather used OpenSSL. My guess is that Apple replaced OpenSSL with some sort of API shim to another (Apple built?) library that doesn’t have support for pkcs8. Weak.
Anyway, the workaround is to use the openssl command line program to decrypt the key like this:
openssl pkcs8 -in ~/.ssh/id_rsa | ssh-add -
I put that in a file called “~/mavericks_sucks” so that I can just do:
in the terminal after I boot my computer and then everything works after that.
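As an added example (not from the original post), here is a small POSIX shell helper that reads the PEM header to tell whether a key is in the PKCS#8 container that the Mavericks ssh-add rejects, and prints the matching load command, so the openssl pipe above is used only where it is needed. The “BEGIN OPENSSH PRIVATE KEY” case and the -nocrypt flag for unencrypted PKCS#8 input go beyond what the post covers; the stub files it writes are constructed placeholders, not key material.

```shell
#!/bin/sh
# Added example (not from the original post): classify an SSH private key by its
# PEM header, then pick the ssh-add strategy. PKCS#8 keys ("BEGIN [ENCRYPTED]
# PRIVATE KEY") are the ones the Mavericks ssh-add rejects; legacy SSLeay keys
# ("BEGIN RSA PRIVATE KEY", encryption flagged by a Proc-Type line) load directly.

key_format() {
    # $1: path to a private key. Prints one token describing the container.
    case "$(head -n 1 "$1")" in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plain ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')   echo openssh ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN DSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            if head -n 3 "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo legacy-encrypted
            else
                echo legacy-plain
            fi ;;
        *) echo unknown ;;
    esac
}

# Build the command that loads the key into the agent. For PKCS#8 the key is
# converted by openssl on the fly and piped to ssh-add, so the decrypted form
# exists only in the pipe, never on disk (unlike re-encrypting the file in place).
add_key_cmd() {
    case "$(key_format "$1")" in
        pkcs8-encrypted) echo "openssl pkcs8 -in '$1' | ssh-add -" ;;
        pkcs8-plain)     echo "openssl pkcs8 -nocrypt -in '$1' | ssh-add -" ;;
        unknown)         echo "echo 'unrecognized key format: $1' >&2; false" ;;
        *)               echo "ssh-add '$1'" ;;
    esac
}

# Write a constructed PEM stub (header lines plus a placeholder body, NOT key
# material) to $1 so the functions above can be exercised offline.
write_stub() {
    out=$1; shift
    printf '%s\n' "$@" 'placeholder-body-not-key-material' "$(echo "$1" | sed 's/BEGIN/END/')" > "$out"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    write_stub "$d/id_rsa_pkcs8" '-----BEGIN ENCRYPTED PRIVATE KEY-----'
    write_stub "$d/id_rsa_legacy" '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'DEK-Info: AES-256-CBC,00000000000000000000000000000000' ''
    for k in "$d"/*; do printf '%-16s %-17s %s\n' "$(basename "$k")" "$(key_format "$k")" "$(add_key_cmd "$k")"; done
    rm -rf "$d"
fi
```

Run it as `sh keyfmt.sh demo` to see the classification of the two stubs; on a real ~/.ssh/id_rsa, `eval "$(add_key_cmd ~/.ssh/id_rsa)"` runs whichever load command applies.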
I’ve submitted a bug to Apple’s bug reporter, but it was marked as a duplicate of bug 14776937, and of course I can’t read bug 14776937 or get status on it because Apple’s whole bug reporting system is a piece of crap. Oh well. Hopefully their stupid shim will support all the features of normal OpenSSL (before 10.10).
6 thoughts on “Mac OS X 10.9 (Mavericks) and SSH pkcs8 keys”
I did the decrypt/encrypt trick to fix this:
$ cp -pr .ssh .ssh_10.8 # you never know, backup!
$ cd .ssh
$ chmod +w id_rsa id_rsa.pub
$ openssl rsa -in id_rsa -out id_rsa # decrypt in place
$ openssl rsa -in id_rsa -aes256 -out id_rsa # encrypt in place
$ ssh-keygen -y -f id_rsa > id_rsa.pub # regen public key
$ chmod 400 id_rsa id_rsa.pub
After a restart the Mac asks for the passphrase on first ssh access (don’t forget to click “remember”), and voila, it will work until it’s broken again.
Yep, that re-encrypts using the older, less secure (and SSH default) SSLeay format which Mavericks can read.
A couple nitpicks:
The keys should already be readable and writable by the user, so the “chmod” step seems superfluous.
It is possible to decrypt and re-encrypt in one step (preventing the private key from ever touching the disk unprotected):
$ openssl rsa -in id_rsa -aes256 -out id_rsa
The public key shouldn’t need to be regenerated—the private key shouldn’t be changing, it’s just encrypted differently.
In case anybody’s having issues with these hardened keys using Mavericks, I’ve written a blog-post on how to work around the limitation by rebuilding ssh-add and ssh-agent from source:
FWIW for others who may stumble across this post—I just submitted a duplicate bug report for this issue. Bug number is: 17138424. Feel free to reference it in your own report.
Also, I have a strong feeling that this probably still isn’t fixed in Yosemite (10.10).
If anyone reading this has the ability to check/recreate/resubmit this issue for Yosemite (10.10), please do so.
I have confirmed that the bug is still there in Yosemite.