[GH-ISSUE #3271] No way to enter passphrase for encrypted SSH private keys #35774

Open
opened 2026-06-18 21:00:30 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @kiber-io on GitHub (Jun 14, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/3271

Originally assigned to: @oschwartz10612 on GitHub.

Describe the Bug

It appears that Pangolin does not support SSH private keys protected with a passphrase.

When a passphrase-protected private key is configured, authentication fails because there is no way to provide the key's passphrase.

Newt logs show:

DEBUG: nativessh: authenticating user "<user>" (hasPassword=false, hasPrivateKey=true)
DEBUG: nativessh: failed to parse private key for "<user>": ssh: this private key is passphrase protected
DEBUG: nativessh: no password provided for "<user>"
DEBUG: SSH error: Authentication failed
DEBUG: SSH native session error: auth for user "<user>": authentication failed for user "<user>"

At the moment, the only apparent workaround is to use an unencrypted private key, which is generally not recommended.

Environment

  • OS Type & Version: Ubuntu 24.04.4 LTS
  • Pangolin Version: 1.19.2
  • Edition (Community or Enterprise): Enterprise (self-hosted)
  • Gerbil Version: 1.4.2
  • Traefik Version: 3.7.5
  • Newt Version: 1.13.0

Steps to reproduce

  1. Configure SSH access using "Pangolin SSH + Manual Authentication".
  2. Configure the target host to use SSH public key authentication.
  3. Use a private key protected with a passphrase.
  4. Attempt to authenticate using the encrypted private key.

Actual Behavior

Authentication fails. There is no prompt or UI element for entering the private key passphrase.

Expected Behavior

Pangolin should provide a way to enter the private key passphrase and complete authentication.

Originally created by @kiber-io on GitHub (Jun 14, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/3271 Originally assigned to: @oschwartz10612 on GitHub. ### Describe the Bug It appears that Pangolin does not support SSH private keys protected with a passphrase. When a passphrase-protected private key is configured, authentication fails because there is no way to provide the key's passphrase. Newt logs show: ```text DEBUG: nativessh: authenticating user "<user>" (hasPassword=false, hasPrivateKey=true) DEBUG: nativessh: failed to parse private key for "<user>": ssh: this private key is passphrase protected DEBUG: nativessh: no password provided for "<user>" DEBUG: SSH error: Authentication failed DEBUG: SSH native session error: auth for user "<user>": authentication failed for user "<user>" ``` At the moment, the only apparent workaround is to use an unencrypted private key, which is generally not recommended. ### Environment - OS Type & Version: Ubuntu 24.04.4 LTS - Pangolin Version: 1.19.2 - Edition (Community or Enterprise): Enterprise (self-hosted) - Gerbil Version: 1.4.2 - Traefik Version: 3.7.5 - Newt Version: 1.13.0 ### Steps to reproduce 1. Configure SSH access using "Pangolin SSH + Manual Authentication". 2. Configure the target host to use SSH public key authentication. 3. Use a private key protected with a passphrase. 4. Attempt to authenticate using the encrypted private key. #### Actual Behavior Authentication fails. There is no prompt or UI element for entering the private key passphrase. #### Expected Behavior Pangolin should provide a way to enter the private key passphrase and complete authentication.
GiteaMirror added the enhancement label 2026-06-18 21:00:30 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#35774