All,

I looked into compiling OpenSSH w/out OpenSSL and discovered it would not save the ed25519 key if it contained a passphrase. Debugging revealed the code is using the DEFAULT_CIPHERNAME = aes256-cbc, but the available ciphers w/out OpenSSL are of the aes*-ctr types. Changing DEFAULT_CIPHERNAME = aes256-ctr in sshkey.c fixed the problem.

[1] has some discussion regarding aes256-cbc vs aes256-ctr, but I would like another opinion on whether those points are valid (or references to journal papers discussing the differences). Are there reasons the default is set to aes256-cbc from a security standpoint?

If this is a valid fix, please push it upstream.

-- rick

[1] https://crypto.stackexchange.com/questions/18538/aes256-cbc-vs-aes256-ctr-in-ssh

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
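
To check which cipher a saved key actually uses, for instance after a change to DEFAULT_CIPHERNAME like the one described in the message above, the header of an OpenSSH-format private key can be read without the passphrase. This is an added example, not part of the original message and not OpenSSH code; the function names and both sample keys are constructed for illustration (placeholder payloads, no real key material), with the field layout assumed from OpenSSH's PROTOCOL.key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _u32(buf, off):
    """Read a big-endian uint32, rejecting truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off):
    """Read an SSH string: uint32 length followed by that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def key_encryption_info(pem_text):
    """Return (ciphername, kdfname, bcrypt rounds or None); no passphrase needed."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    kdfopts, off = _string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _string(kdfopts, 0)
        rounds, _ = _u32(kdfopts, o)
    return cipher.decode("ascii"), kdf.decode("ascii"), rounds

def _pack(b):
    return struct.pack(">I", len(b)) + b

def constructed_key(cipher, kdf, kdfopts=b""):
    """Constructed sample: real header layout, placeholder (non-key) payloads."""
    blob = (MAGIC + _pack(cipher) + _pack(kdf) + _pack(kdfopts) + struct.pack(">I", 1)
            + _pack(b"placeholder-pub") + _pack(b"placeholder-priv"))
    return BEGIN + "\n" + base64.b64encode(blob).decode() + "\n" + END + "\n"

SAMPLE_CTR = constructed_key(b"aes256-ctr", b"bcrypt", _pack(bytes(16)) + struct.pack(">I", 16))
SAMPLE_PLAIN = constructed_key(b"none", b"none")

if __name__ == "__main__":
    for name, pem in (("encrypted", SAMPLE_CTR), ("unencrypted", SAMPLE_PLAIN)):
        print(name, key_encryption_info(pem))
```

A key saved without a passphrase reports `none` for both the cipher and the KDF, so the same check also confirms whether a passphrase was applied at all.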