Cyberduck Mountain Duck CLI

#7333 closed enhancement (fixed)

Support for SSH key PKCS#8

Reported by: emmanuel Owned by: dkocher
Priority: low Milestone: 4.5
Component: sftp Version: 4.3.1
Severity: normal Keywords:
Cc: Architecture:
Platform: Mac OS X 10.8


I have recently followed a good (I think) security practice and used a way to improve protection of my key against brute force attack. The DSA private key is not encapsulated in a PKCS#8 envelope

It turns out that cyberduck does not know how to open this envelope and fails with the following error message when I try and access a FTP via SFTP. Regular SSH connection works.

invalid PEM structure, '-------BEGIN...' missing

Change History (6)

comment:1 Changed on Jul 5, 2013 at 2:13:48 PM by dkocher

  • Type changed from defect to enhancement

comment:2 Changed on Sep 11, 2013 at 2:39:28 PM by dkocher

  • Priority changed from normal to low

comment:3 Changed on May 6, 2014 at 7:58:40 PM by dkocher

  • Milestone set to 4.4.5
  • Status changed from new to assigned

Add interoperability will be quite straight forward.

Notice that the header/footer lines have changed (BEGIN ENCRYPTED PRIVATE KEY instead of BEGIN RSA PRIVATE KEY), and the plaintext Proc-Type and DEK-Info headers have gone

comment:4 Changed on May 6, 2014 at 7:59:58 PM by dkocher

Although not many users will adopt the better key format given

On Mac OS X 10.9 (Mavericks), the default installation of OpenSSH no longer supports PKCS#8 private keys for some reason

comment:5 Changed on May 7, 2014 at 3:20:21 PM by dkocher

  • Milestone changed from 4.4.5 to 4.5
  • Resolution set to fixed
  • Status changed from assigned to closed

In r14566.

comment:6 Changed on May 9, 2014 at 2:05:20 PM by dkocher

Please update to the latest snapshot build available and confirm the issue is resolved.

Note: See TracTickets for help on using tickets.