Subject: Re: SSH & SFTP: Passphrase Problem + Libssh2 Correction

Re: SSH & SFTP: Passphrase Problem + Libssh2 Correction

From: Simon Josefsson <>
Date: Fri, 09 Jul 2010 22:06:47 +0200

Paul Romero <> writes:

> Dear Group:
> I previously posted this problem to the libcurl group and after
> considering it, think it might actually be a libssh2 problem.
> The general problem is that if my private key is encrypted--with
> a passphrase, I can't complete authentication with the SSH
> server using libssh.

Are you using libgcrypt or OpenSSL as the backend? The libgcrypt
backend can only read unencrypted private keys.

Encrypted or not, having the private key in the same process as libssh2
code is likely a bad idea for security -- so I suggest that you use the
agent interface to move public/private key handling to a separate
process. Then you can support any kind of private key (GnuTLS has code
to decrypt encrypted private keys).

Received on 2010-07-09