Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH fingerprint failed to verify #4

Closed
yakuhzi opened this issue Sep 30, 2019 · 8 comments
Closed

SSH fingerprint failed to verify #4

yakuhzi opened this issue Sep 30, 2019 · 8 comments

Comments

@yakuhzi
Copy link

yakuhzi commented Sep 30, 2019
edited
Loading

I have set up a Xcode project with a private repository as dependency using Swift Package Manager. Therefore I have to add the ssh key for the dependency. Cloning the repository in a Github Action step is working well, but when I try to build the app in a step with xcodebuild I get the following error:

xcodebuild: error: Could not resolve package dependencies: The server SSH fingerprint failed to verify.
@mpdude
Copy link
Member

mpdude commented Sep 30, 2019

I don't know about the Swift Package Manager... Do you want to clone the private repo from GitHub at all?

@yakuhzi
Copy link
Author

yakuhzi commented Sep 30, 2019

No I dont want to clone the repository directly. I only want to build my app with xcodebuild. But the application depends on the private repository. Normally xcodebuild pulls all the dependencies added with SPM, but here it fails due to the fingerprint. The dependency was added via ssh, so I added the ssh keys to my action.

@mpdude
Copy link
Member

mpdude commented Sep 30, 2019

I think the issue here is that your host containing the private repo does not have its public key in the /etc/ssh/ssh_known_hosts file?

@mpdude
Copy link
Member

mpdude commented Sep 30, 2019

Can you provide a public demo project that shows the error?

@yakuhzi
Copy link
Author

yakuhzi commented Oct 1, 2019

Finally I figured it out. It seems like its a known issue in Xcode 11 (https://developer.apple.com/documentation/xcode_release_notes/xcode_11_release_notes).

Thanks to Dosium in this post (https://discuss.bitrise.io/t/xcode-11-resolving-packages-fails-with-ssh-fingerprint/10388), I was able to get it work.

The solution is to run the following command before running xcodebuild:
for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts

@yakuhzi yakuhzi closed this as completed Oct 1, 2019
@wouterds wouterds mentioned this issue Oct 17, 2019
Closed
@dchohfi dchohfi mentioned this issue Jul 14, 2020
Closed
@pyby pyby mentioned this issue Dec 30, 2020
Closed
@x-yuri
Copy link

x-yuri commented Apr 29, 2021
edited
Loading

@yakuhzi It's generally safer to not rely on ssh-keyscan (that equals to disabling host key verification in case of ci scripts). First, webfactory/ssh-agent adds GitHub host keys anyway. Second, you can find a workaround here.

@mpdude
Copy link
Member

mpdude commented Jun 2, 2021
edited
Loading

It’s been a while, but maybe the answer is that by default, xcodebuild uses its own version of Git which has a separate set of config files.

see https://github.com/webfactory/ssh-agent#using-deploy-keys-with-swift-package-manager

@th-mustache-dk
Copy link

I think the issue here is that your host containing the private repo does not have its public key in the /etc/ssh/ssh_known_hosts file?

I'm fucking buying you a beer i've spent hours on this problem. You are my hero today

cardoe added a commit to cardoe/ssh-agent that referenced this issue Mar 2, 2023
@cardoe
Merge pull request webfactory#4 from cardoe/dependabot/github_actions…
82cfc16 
…/actions/upload-artifact-3

Bump actions/upload-artifact from 2 to 3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@x-yuri @mpdude @yakuhzi @th-mustache-dk