Created attachment 2816 [details] shell session log OS: Fedora 23 x86_64 In the attached session log, I created an ecdsa key in pem format with no password. I then use "ssh-keygen -p" to change the password (but actually keep choosing to blank it) but add "-o" to convert the file to the new openssh format. After I run ssh-keygen -p again to convert the file back to pem format, the contents of the file has changed drastically and ssh-add can no longer read it. This behavior occurs with ssh 6.9p1 or ssh 7.2p2 whenever it runs against openssl 1.0.2 shared libs. When run against openssl 1.0.1 shared libs, the last pem-format key file can still be loaded. In my real usage I had a passphrase on my keys. For the purpose of this test I used a blank password, but I get the same behavior with or without a password. I don't know if the problem is that the openssh->pem conversion is buggy or if there is an API breakage between openssl 1.0.1 and 1.0.2.
In my previous comment, wherever I said "pem", pleaes substitute "RFC4716"
Still appears to be an issue with latest build, investigating.
Fixed in latest version
close bugs that were resolved in OpenSSH 8.5 release cycle