Hello, We've found out that ssh-keygen, when openssh is built against OpenSSL 3.0, doesn't properly work with encrypted PKCS#8 private key files. I've filed the bug https://bugzilla.mindrot.org/show_bug.cgi?id=3330 and github PR https://github.com/openssh/openssh-portable/pull/264 to fix this issue. But I should mention that it's not the only change that is worth doing taking into account the fact that OpenSSL 3.0 is in Beta1 stage. There are a lot of warnings related to the usage of the deprecated functions. I'm afraid that getting rid of the deprecation warnings is too huge a task to be done in the nearest release, but I think it's definitely worth doing and I can participate in it. If necessary, I can provide the results of 'make tests' for the OpenSSL 3.0 -- Dmitry Belyavskiy