ssh-key with passphrase not working #1063

Closed
asrocha opened this issue Oct 21, 2020 · 2 comments
asrocha commented Oct 21, 2020

Hello,

I have been trying for weeks to scan some CentOS 7/8 server on Oracle Cloud. My ssh-key to access this server has a passphrase. I'm trying the same way I scan my local servers, but it is not working; my local servers do not have a passphrase on their keys.
I am adding the -ask-key-password option on the command line, but it is not working.
ssh -i opc@hostonoci.domain works, and the hosts are in ssh/known_hosts and in .ssh/authorized_keys on the target hosts.

I'm looking for documentation about ssh-keys with passphrases but have not found any.

Can you help?

asrocha commented Oct 22, 2020

This is my config.toml

[servers]

[servers.demoapp]
host = "demoapp.domain.com"
port = "22"
user = "opc"
keyPath = "demoapp.key"
scanMode = ["fast-root"]

[servers.suporte]
host = "suporte.domain.com"
port = "22"
user = "opc"
keyPath = "oci_rsa"
scanMode = ["fast-root"]

Both key files are in the same directory, and when I run a scan on demoapp, a server where the key doesn't need a passphrase, it runs fine, but when I run a scan on suporte, a key that needs a passphrase, it does not work.
I have tried all combinations of the -ask-key-password option and -ssh-native-insecure.

Can you help me?

kotakanbe (Member) commented

Hi, @asrocha

Try using ssh-agent.

https://docs.oracle.com/cd/E19683-01/806-4078/6jd6cjru9/index.html
http://rabexc.org/posts/using-ssh-agent

Vuls scan has an option, -ssh-native-insecure.

./vuls scan -h
...
 -ssh-native-insecure
        Use Native Go implementation of SSH. Default: Use the external command

The default (without the option) uses the OS's ssh command.
When the above option is specified, the connection is made with the ssh implementation of the Go library.

The external ssh command can use ssh-agent to bypass entering the ssh private key passphrase.
With -ssh-native-insecure, you can bypass the ssh private key passphrase by specifying -ask-key-password.

The current implementation of ssh-native-insecure does not implement host key checking, so it is recommended to use OS SSH.
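
A pre-flight check for the ssh-agent route recommended above, as an added example that is not part of the thread or of the Vuls code base: it confirms the passphrase-protected key is loaded in the agent and that the OS ssh can log in without prompting while host key checking stays on. The function names, the `oci_rsa.pub` path and the fingerprints in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check the agent before running a scan with the default
# (external) ssh. Function names are hypothetical, not part of Vuls.

# Constructed sample of `ssh-add -l` output (fingerprints are placeholders).
SAMPLE_LISTING='3072 SHA256:CONSTRUCTEDdemoappFINGERPRINT0000000000000 demoapp.key (RSA)
4096 SHA256:CONSTRUCTEDociFINGERPRINT000000000000000000 oci_rsa (RSA)'

# Print the fingerprint field of one `ssh-keygen -l` output line.
fingerprint_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'
}

# Succeed only if fingerprint $2 is the second field of a line in listing $1.
agent_lists_key() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" | awk -v fp="$2" '$2 == fp { found = 1 } END { exit !found }'
}

# preflight PUBKEY USER@HOST
# Returns 2 if no agent or unreadable key, 1 if the key is not loaded,
# otherwise the exit status of the test login.
preflight() {
    pub=$1
    target=$2
    [ -n "${SSH_AUTH_SOCK:-}" ] || {
        echo 'no agent in this shell: run eval "$(ssh-agent -s)" first' >&2
        return 2
    }
    fp=$(fingerprint_of "$(ssh-keygen -l -f "$pub" 2>/dev/null)")
    [ -n "$fp" ] || { echo "cannot read fingerprint from $pub" >&2; return 2; }
    if ! agent_lists_key "$(ssh-add -l 2>/dev/null)" "$fp"; then
        echo "key $fp is not in the agent: run ssh-add on the private key" >&2
        return 1
    fi
    # BatchMode forbids passphrase and password prompts, so a successful login
    # shows the agent supplied the key. StrictHostKeyChecking=yes refuses
    # hosts that are missing from, or differ from, known_hosts.
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes "$target" true
}

# Usage with the names from the config above (oci_rsa.pub is assumed to sit
# beside oci_rsa):
#   preflight oci_rsa.pub opc@suporte.domain.com && ./vuls scan
```

Run the scan from the same shell session so it inherits `SSH_AUTH_SOCK`, and leave out -ssh-native-insecure so the OS ssh command and its host key checking are used.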
