I was wondering how others handle password-protected private keys with Erlang’s ssh client (:ssh.connect/[3,4]). I’m currently passing the password in the clear with the :rsa_pass_phrase option to :ssh.connect/3. That’s not desirable to say the least.
It would be great if I could somehow use ssh-agent, but that doesn’t look possible since the ssh_client_key_api API requires you to return decrypted private keys and not forward the negotiation steps. At least from my brief skim of the ssh-agent protocol, it won’t return a decrypted private key. That makes sense, though,
I may end up prompting for the password every time the key is needed. From a workflow perspective, though, entering in a password is not great so I’m hoping for other options.
I really wish the ssh library worked with both certs and ssh-agent, it’s kind of useless to me w/o that support. I guess I need to start looking at some code.
I just ran into this myself and thought the original participants and anyone (like me) that’s since found this post might be interested to know that there is (now at least) an Erlang ssh_agent module: