OK, so there was a couple of problems.
First, the sed was having trouble. I was using GNU extensions and not Posix sed. Problems could surface on platforms like OS X, BSDs and Solaris. OS X happened to be the first one to expose it. I'm not sure why the problem did not surface sooner.
We can sidestep the sed problems with perl. Commands like `perl -pe 's/\n//g;' rsa-pub.pem > rsa-eol-cr.pem` works as expected.
Second, OpenSSL was not using CRLF as the end-of-line on OS X. This was a painpoint because we depend on OpenSSL to use
CRLF. Then, we build test cases by tampering with keys, like removing CR's, removing LF's, removing characters in the encapsulated header, etc.
unix2dos and mac2dos can usually be used to fix the problem, but it was not available on two of my Macs and
was not available
Travis machines. We can figure out ways to install it, but that's a pain in the ass.
I will be able to move to the SSH gear soon.
Jeff