Subject: "ssh" with SSHv2 public key buggy?
To: None <netbsd-users@netbsd.org>
From: Frederick Bruckman <fredb@immanent.net>
List: netbsd-users
Date: 10/06/2001 08:36:07

Is there a secret to getting the public key stuff to work with SSHv2?

Going from a NetBSD-1.5.2 host, I add the id_dsa key to the agent, but
I always have to enter the passphrase anyway; then it says it
succeeded, but it still asks for my password on the remote host!

debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: userauth_pubkey_agent: trying agent key /u/fredb/.ssh/id_dsa
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: try pubkey: /u/fredb/.ssh/id_dsa
debug: PEM_read_PrivateKey failed
debug: read SSH2 private key done: name <no key> success 0
Enter passphrase for key '/u/fredb/.ssh/id_dsa':
debug: read SSH2 private key done: name dsa w/o comment success 1
                                                        ^^^^^^^
debug: sig size 20 20
debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: next auth method to try is password
fb@shell-1.enteract.com's password:

I could just skip the agent, hit return when it prompts for the
passphrase, and just use password authentication, but I was wondering
if perhaps I'm missing something.

Another thing. I have an .ssh/config just slightly longer than this:

Host                    *.enteract.com
User                    fb
GatewayPorts            yes
#Protocol               1

Host                    *
Cipher                  blowfish
Compression             yes
CompressionLevel        3

With v1, ssh correctly concatenates all the options for hosts that
match the first block with the second block. With v2, it doesn't,
choosing defaults for anything that isn't in the first matching block.
(In this case, "Cipher 3des" and "CompressionLevel 6".)

Frederick
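
Added example, not part of the original message: a small resolver for the rule documented in ssh_config(5) that, for each parameter, the first obtained value is used. It is run over the config quoted in the message. It models only Host lines with the `*` and `?` wildcards; the function names are this sketch's own, not OpenSSH's.

```python
import re

# Config from the message above, reproduced as sample input.
SAMPLE_CONFIG = """\
Host                    *.enteract.com
User                    fb
GatewayPorts            yes
#Protocol               1

Host                    *
Cipher                  blowfish
Compression             yes
CompressionLevel        3
"""


def pattern_matches(pattern, host):
    """Match one Host pattern; only the '*' and '?' wildcards are modelled."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, host) is not None


def resolve(config_text, host):
    """Return the effective options for host: first obtained value wins."""
    effective = {}
    active = True  # lines before the first Host keyword apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = any(pattern_matches(p, host) for p in value.split())
            continue
        if active:
            # setdefault keeps the earliest value and ignores later ones
            effective.setdefault(keyword, value)
    return effective


if __name__ == "__main__":
    for name in ("shell-1.enteract.com", "example.org"):
        print(name, resolve(SAMPLE_CONFIG, name))
```

OpenSSH releases that supported protocol 1 documented Cipher and CompressionLevel as protocol version 1 options, with the separate Ciphers keyword governing protocol 2.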