Yosemite SSH is too old to read ecdsa SSH keys?
As you may, or may not know, I am a Front-end user interface engineer.1 I got a new Macbook Pro from work recently, to better facilitate my developer duties.2 Prior to this I was working on my personal machine with Arch Linux installed.3 Since linux and the BSDs (on which OS X is based) are so similar, I was able to transfer large portions of my linux environment to OS X with minimal downtime.
Or would have, had I not run into problems with SSH. After copying my
~/.ssh directory from my linux box to OS X, I tried to log in to some remote machines. Much to my chagrin, I recieved the following prompt from our gitolite server indicating problems with SSH pubkey:
After some searching on the internet I re-ran the command with the -vvv switch as
ssh -T git@gitserver:
debug1: Next authentication method: publickey debug1: Trying private key: /Users/obennett/.ssh/id_ecdsa debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Saving password to keychain failed debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> debug1: Next authentication method: password
My interpretation of this debug output was that OS X Yosemite didn’t support ECDSA SSH keys. Not intending to debug this any further I generated some RSA keys and went along my merry way. The RSA keys worked fine. We call that kind of thing a workaround.
This is the official job title bestowed upon me, but simple Front-end developer will suffice. Although, I do perform a fair bit of server backend (dev ops) duties as well – e.g. setting up and maintaining our gitolite server. ↩
Well, that and I didn’t like the Dell machine I had. It was a nice machine, but it wasn’t a mac. As I mentioned previously I’d put Ubuntu linux on my macbook pro to work around some very nasty hardware issues in the dedicated video car–issues which rendered my display useless. ↩
Going with Arch Linux and and there rolling release allows me to have to most up to date packages available. ↩