From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 Date: Fri, 8 Mar 2013 19:02:43 +0100 Message-ID: From: Rudolf Sykora To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Subject: [9fans] unix rsa-key with passphrase vs. p9(p) Topicbox-Message-UUID: 255a2bd8-ead8-11e9-9d60-3106f5b1d025 On 8 March 2013 17:08, Rudolf Sykora wrote > I now see that 9 ssh-agent is really only to deal with passphrases of > the dsa/rsa keys. Well, I seem to be wrong again. And have more questions... In linux, ssh-agent takes care about an (optional) passphrase which was used to cypher the public (and perhaps also private, I believe) keys (so that eg the admin can't abuse these) generated by ssh-keygen; these keys are usually stored under $HOME/.ssh. What do I have to do in order to use "9 ssh-agent" (which uses factotum) when I have the keys already generated (and their public parts distributed) by linux's ssh-keygen? (Ie I have id_rsa and id_rsa.pub in .ssh; and I use a passphrase.) Particularly, there is some information given in p9p's rsa(1): ---------------- Convert existing Unix SSH version 2 keys instead of generat- ing new ones: cd $HOME/.ssh pemdecode 'DSA PRIVATE KEY' id_dsa | asn12dsa >dsa2 pemdecode 'RSA PRIVATE KEY' id_rsa | asn12rsa >rsa2 Load those keys into factotum: cat rsa1 rsa2 dsa2 | 9p write -l factotum/ctl ---------------- but my keys are protected with a passphrase, so these commands do not directly work. What must I do? Finally, is there any reason to prefer the factotum way rather than the linux's way just with ssh-keygen (with a passphrase) + ssh-copy-id + (linux's) ssh-agent? Thanks! Ruda