[ssh_x509] error: Unable to load host key "ssh_host_ecdsa_key": incorrect passphrase supplied to decrypt private key

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu May 9 20:20:51 EEST 2019

Hi Venkat ,

ssh_x509 at roumenpetrov.info wrote:
> Hi,
>     I have generated the certificate Hostkey file and then signed my
> certificate from CA using the openSSL. while generated the key pair using
> the below command I was prompted to enter the PassPhrase. so I entered,
> without entering the passphrase I could not generate the Private key using
> the below openssl command "*openssl req -config
> intermediate/openssl_server.cnf -new -newkey ec:<(openssl ecparam -name
> prime256v1) -keyout intermediate/private/sshserver.key.pem -out
> intermediate/csr/server.csr*"
> While I was using this certificate as the HostKey in the PKIXSSH I am
> getting the following error message "*error: Unable to load host key
> "/usr/local/etc/ssh_host_ecdsa_key": incorrect passphrase supplied to
> decrypt private key*"

Host keys are password less . After creation with openssl use ssh-keygen 
to set "empty" password.

TiP: use order -N "" -f ... as in some shells(?) or shell scripts(?)  
order  -f ... -N ""  does not work. Issue in certain cases if last 
argument is empty.

> Please clarify how to feed in the passphrase while loading the private key
> in ssh server. The function sshkey_parse_private_pem_fileblob() is falling
> at the ln#:4205.
> How to bypass the passphrase checking or where to configure the passphrase
> for loading it while the sshd is started.

Another option it to use ssh-agent to load host keys.
You must be familiar with use askpass program. In such case it could be 
shell script that just output password.

> Any suggestion/help is greatly appreciated.
> Thanks,
> Venkat.


More information about the ssh_x509 mailing list