This issue is an attempt to report an observed behavior of libssh2 under Debian.
The libssh2 can use two different crypto libraries to perform encryption/decryption: OpenSSL or Libgcrypt
Configure options for libssh2:
By default OpenSSL is udsed if --with-libgcrypt is not specified.
Debian's package is using Libgcrypt:
Why it happened?
And as result Debian's package is using Libgcrypt
In its package in a file "rules" a line exists:
CONFIGURE_EXTRA_FLAGS = --with-libgcrypt
The package's Changelog excerpt:
The library libssh2 for several other checked distros (centos, gentoo) and freebsd is using default OpenSSL
In the same time openssh-client is using only OpenSSL:
So, the problen is not visible when try to use an private key with passphrase from console (by openssh-client).
"The Libgcrypt backend in libssh2 contains a hand written
slimmed down ASN.1 parser to read out the RSA key, but it does not
support any of the PKCS* encrypted forms of RSA keys. The OpenSSL
backend in libssh2 uses OpenSSL to read the keys, so it supports
whatever private key formats that OpenSSL supports."
"Are you using libgcrypt or OpenSSL as the backend? The libgcrypt
backend can only read unencrypted private keys."
From a #libssh2 on a Freenode I learned that Simon is the author of the libgcrypt backend for libssh
How to distinguish easily:
So, for now we have to add a note to documentation. Here: http://www.zabbix.com/documentation/2.0/manual/config/items/itemtypes/ssh_checks