I was wondering how others handle password-protected private keys with Erlang’s ssh client (
:ssh.connect/[3,4]). I’m currently passing the password in the clear with the
:rsa_pass_phrase option to
:ssh.connect/3. That’s not desirable to say the least.
It would be great if I could somehow use
ssh-agent, but that doesn’t look possible with since the
ssh_client_key_api API requires you to return decrypted private keys and not forward the negotiation steps. At least from my brief skim of the
ssh-agent protocol, it won’t return a decrypted private key. That makes sense, though,
I may end up prompting for the password everytime the key is needed. From a workflow perspective, though, entering in a password is not great so I’m hoping for other options.