What did you do?

• I created a new connection using an SSH Tunnel with an ed25519 key
• I tried testing the connection

What did you expect to happen?

• I expected the connection via SSH tunnel to work

What actually happened?

• I got "Private Key could not be read - here was a problem with the SSH private key: Unable to extract public key from private key file: Wrong passphrase or invalid/unrecognized private key file format. To try again, please provide a passphrase for decrypting the private key file:" instead.
• Establishing the SSH connection using the same key/passphrase works using ssh via Terminal.

What software versions are you using?

Postico version:
2.1 dev (9640)

macOS version:
13.4.1 (22F82)

1. Before we look into this, could you try updating to build 9642? I've updated libssh2 in that build.

2. Make sure to select the private key, not the public key

3. I've seen a similar error in the past when the key was encrypted with an algorithm that libssh2 didn't support. If the problem persists with build 9642, can you try checking the key with this tool: https://github.com/jakob/ssh-keyinfo, and let me know which algorithm it uses for encryption

Thank you for the quick reply.

1. I updated Postico to 9642 but it still does not work.
2. Made sure.
3. The output reads:

  length = 302 bytes
  Key File Format: OpenSSH Key File Format Version 1
  ciphername: aes256-gcm@openssh.com
  kdfname: bcrypt
  ...

Thank you for the details. It seems that there's a bug in libssh2 that prevents it from reading OpenSSH Key files encrypted with AES GCM methods.

I've been able to find the source of the bug, and submitted a pull request to the libssh2 project: libssh2/libssh2#1133

It's probably going to take a while until this fix is released, so I've updated Postico to build with a patched version of libssh2.

If you update to build 9644 or newer, your GCM-encrypted key should work!

That's very impressive Jakob, the connection works on build 9644. Thank you very much for your amazing support!