After upgrading to Mavericks (Mac OS X 10.9) I found that ssh-add<\/tt> wasn’t working. After investigating I discovered that the SSH shipped with Mavericks has a regression and doesn’t support pkcs8 keys. Mac OS X 10.8’s SSH supported these keys just fine.<\/p>\n
Earlier in the year I had read an article<\/a> about using pkcs8 formatted keys to encrypt your SSH private keys more strongly. I went ahead and did this because 10.8 (and my Linux machines) supported it just fine. 10.9, however ships with a different SSH. “ssh -V<\/tt>” outputs:<\/p>\n The previous version did not have “OSSLShim”, but rather used OpenSSL. My guess is that Apple replaced OpenSSL with some sort of API shim to another (Apple built?) library that doesn’t have support for pkcs8. Weak.<\/p>\n Anyway, the workaround is to use the openssl<\/tt> command line program to decrypt the key like this:<\/p>\n I put that in a file called “~\/mavericks_sucks” so that I can just do:<\/p>\n in the terminal after I boot my computer and then everything works after that.<\/p>\n I’ve submitted a bug to Apple’s bug reporter<\/a>, but it was marked as a duplicate of\u00a0bug 14776937 but of course I can’t read\u00a0bug 14776937 or get status on it because Apple’s whole bug reporting system is a piece of crap. Oh well. Hopefully their stupid shim will support all the features of normal OpenSSL (before 10.10).<\/p>\n","protected":false},"excerpt":{"rendered":" After upgrading to Mavericks (Mac OS X 10.9) I found that ssh-add wasn’t working. After investigating I discovered that the SSH shipped with Mavericks has a regression and doesn’t support pkcs8 keys. Mac OS X 10.8’s SSH supported these keys just fine. Earlier in the year I had read an article about using pkcs8 formatted … Continue reading Mac OS X 10.9 (Mavericks) and SSH pkcs8 keys<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-443","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/comments?post=443"}],"version-history":[{"count":8,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/443\/revisions"}],"predecessor-version":[{"id":452,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/posts\/443\/revisions\/452"}],"wp:attachment":[{"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/media?parent=443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/categories?post=443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/porkrind.org\/missives\/wp-json\/wp\/v2\/tags?post=443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011<\/pre>\n
openssl pkcs8 -in ~\/.ssh\/id_rsa | ssh-add -<\/pre>\n
. mavericks_sucks<\/pre>\n