Improving the Security of Your SSH Private Key Files
Martin Kleppmann (via Mark Jason Dominus):
I don’t know why ssh-keygen still generates keys in SSH’s traditional format, even though a better format has been available for years. Compatibility with servers is not a concern, because the private key never leaves your machine. Fortunately it’s easy enough to convert to PKCS#8:

    $ mv test_rsa_key test_rsa_key.old
    $ openssl pkcs8 -topk8 -v2 des3 \
        -in test_rsa_key.old -passin 'pass:super secret passphrase' \
        -out test_rsa_key -passout 'pass:super secret passphrase'

If you try using this new PKCS#8 file with a SSH client, you should find that it works exactly the same as the file generated by ssh-keygen.
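
To see which format a private key file is in, before or after the conversion quoted above, the PEM header lines are enough. The script below is an added example, not part of the quoted post; the function names key_format and make_samples and the output labels are made up here, and the sample files are constructed headers with no key material.

```shell
#!/bin/sh
# Added example: classify a private key file by its PEM header lines.
# key_format, make_samples and the output labels are illustrative names.
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null) || { echo unreadable; return 1; }
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----") echo pkcs8-unencrypted ;;
        # OpenSSH's own format keeps the encryption state inside the body.
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|\
        "-----BEGIN EC PRIVATE KEY-----")
            # The traditional format marks encryption with a Proc-Type header.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo traditional-encrypted
            else
                echo traditional-unencrypted
            fi ;;
        *) echo unknown ;;
    esac
}

# Constructed sample files: header lines only, no real key material.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' > "$1/old_enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIB' > "$1/old_plain"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'MIIB' > "$1/pkcs8"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*; do
    printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"
done
rm -rf "$tmp"
```

A file reported as traditional-unencrypted or pkcs8-unencrypted has no passphrase protection at all.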