pka passphrase not working

Hello, i am using openssh 4.3
Connecting raw to the server i get this header

I built from source using the default options; configure, make and make

The following is my sshd_config:

Port 22
Protocol 2,1
HostKey /usr/local/etc/ssh_host_key
StrictModes yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment no

My goal using this config mainly is to have it so a user must have a copy of
the private key, and their public key must be in the authorized_keys file
for that user.

What i would also like to do is have a passphrase for the private key. When
i do so with ssh-keygen, sshd wont load. a "cant load key" type of message
is given.

Secondly, if the user has the private key, and their public key is in the
authorized_key file, i would like sshd to then further authenticate with the
users local password. How can i make it so that PKA, passphrase and
password authentication both take place?

Currently with this config, when the user connects, the client tries PKA. if
successful, they are dropped to a shell. If PKA is not successful, they are
given a password prompt, to which the correct user password does not
succeed. I want to add a passphrase, and also require password
authentication following the PKA.

I created my public/private keys using this:
ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "passphrase"

However, adding a passphrase to the private key causes sshd's failure to
load. Leaving it null causes sshd to load.

Relevant Pages

  • Re: Feature request
    ... >>case why can that not be send across on request in the handshake phase? ... > change his private key in any way, he could no longer be authenticated ... the passphrase is ... but the passphrase belongs to the private keyfile. ...
  • Re: SSH publickey auth
    ... > The goal of using Identity/Pubkey authentication is to remove the need ... > can prove you have the public and private key then you are granted ... You see here the mention of the "passphrase"? ... > authentication credentials 'follow' you. ...
  • Re: How can I secure a Debian installation?
    ... The passphrase protects the private key from being accessed. ... being more secure than a password login because any Tom, ...
  • Re: Crypto Question
    ... > the passphrase used for the private key? ... > 'password' then does it become irrelevant what key size I use to encrypt ... is only supposed to protect the private key. ... PGP / XML GATEWAY APPLIANCE ...
  • Re[2]: Crypto Question
    ... N> If I'm not mistaken, though, the passphrase on the PGP private key is ... N> simply a bit of symmetric-key encryption to help protect your private ... N> I've never really looked at the internal workings of PGP (but I ...