HomePhabricator

Work around lack of PKCS8 support in OSX ssh-keygen

Description

Work around lack of PKCS8 support in OSX ssh-keygen

Summary:
Ref T4209. Ref T6240. Ref T6238. See D10401 for original discussion.

On OSX, ssh-keygen doesn't support PKCS8:

  • When we hit an issue with this, raise a more tailored message about it.
  • Allow the user to work around the problem with auth cache-pkcs8 ..., providing reasonable guidance / warnings.

In practice, this only really matters very much for one key, which I'm just going to make the services extension cache automatically. So it's sort of moot, but good to have around for weird cases and to make testing easier.

Test Plan: Hit error, cached key, got clean asymmetric auth.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4209, T6240, T6238

Differential Revision: https://secure.phabricator.com/D11021