Dave Eckhardt's PSSH Public-Key Format Page




The problem

If you are trying to use SealiSoftware's PSSH SSH2 client for PalmOS and are receiving this error message:

Incorrect passphrase, or incorrectly formatted memo
then I may be able to help.

Not the solution (to my problem, but maybe to yours)

Apparently the final release of PSSH (2005-06-23) has a bug related to scanning the PalmOS Memo database, which you can work around (to summarize violently) by making sure the memo you are trying to import is the alphabetically-first memo (you can probably do this by making sure the memo begins with a hyphen).

The solution

However, that didn't solve things for me. It turns out that PSSH is very particular about the crypto options used to store the private key. In particular, these days (2011) ssh-keygen will probably generate a key file that contains

DEK-Info: AES-128-CBC,6889844A2463E24AA983A1D1D2CEC3B0
but PSSH can't handle that. If you look at the strings in the PSSH binary, you will see this error message: "Ciphers other than DES-EDE3-CBC not supported"; however, due to the structure of the application, this error message is not displayed for the user.

I couldn't figure out how to tell ssh-keygen which cipher to use to encrypt the passphrase, but I did figure out how to do the equivalent job using OpenSSL's x509 tool and then how to use ssh-keygen to convert the key back to SSH's authorized_keys format.

% openssl genrsa -des3 -out yyy 4096
% ssh-keygen -e -f yyy > yyy.exported
% ssh-keygen -i -f yyy.exported > yyy.imported

The file yyy (the passphrase-encrypted private key) should be turned into a PalmOS Memo and imported into PSSH; the file yyy.imported (the public key) is in the correct format for authorized_keys; yyy.exported is an intermediate file and is irrelevant.
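Before turning a key file into a memo, it is worth confirming which cipher its DEK-Info header names. The shell check below is an added example, not code from the original page or from PSSH; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which cipher protects a PEM private key, and can PSSH read it?

# Print the cipher from the first "DEK-Info: <cipher>,<hex IV>" header line;
# prints nothing when the file has no such header.
pem_cipher() {
    sed -n 's/^DEK-Info:[[:space:]]*\([^,]*\),.*$/\1/p' "$1" | head -n 1
}

# Return 0 for DES-EDE3-CBC (the only cipher named in PSSH's error string),
# 1 for any other cipher, 2 when there is no DEK-Info header.
pssh_key_check() {
    cipher=$(pem_cipher "$1")
    case "$cipher" in
        DES-EDE3-CBC) echo "$1: $cipher, usable as-is"; return 0 ;;
        "") echo "$1: no DEK-Info header (unencrypted or another format)"; return 2 ;;
        *)  echo "$1: $cipher, regenerate with -des3"; return 1 ;;
    esac
}

# Constructed samples: PEM headers only, key bodies deliberately omitted.
# The AES line is the one quoted on this page; the DES3 IV is made up.
write_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,6889844A2463E24AA983A1D1D2CEC3B0' '' \
        '(body omitted)' '-----END RSA PRIVATE KEY-----' > "$1/aes.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' \
        '(body omitted)' '-----END RSA PRIVATE KEY-----' > "$1/des3.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        '(body omitted)' '-----END RSA PRIVATE KEY-----' > "$1/plain.pem"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.pem; do
    pssh_key_check "$f" || :   # non-zero status is expected for two samples
done
rm -rf "$demo_dir"
```

On OpenSSL 3.x, genrsa writes PKCS#8 output by default, which carries no DEK-Info header and so yields status 2 here; its -traditional option restores the older header format.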

The last step

This information should get you to the point where PSSH prompts you for a passphrase (if not, I don't know what's wrong). Amusingly enough, I got this far and still failed. The problem turned out to be that my passphrase was too long (around 45 characters). Empirically, it seems as if you should use a passphrase which is short enough that it doesn't overflow the field on the import dialog box.

Hopefully this helps somebody... though, since it's now 2011 and PalmOS is completely dead, it's hard to imagine lots of people are still importing public keys into PSSH. I'm doing it only because recently our KDCs have been melting down due to onslaughts of people trying to break into our systems via ssh, and public-key authentication doesn't care if the KDCs are hosed.

Usage note

Note that it takes a Treo 700p a long time (around 30 seconds) to do the math for a 4096-bit key.



davide+receptionist@cs.cmu.edu