Adding a GitHub repository in Xcode 7 using SSH au

2019-02-23 18:15发布

问题:

I'm trying to set up a Bot in Xcode 7 for integration testing. As part of setting this up I am adding a remote repository to the project using Xcode > Preferences > Accounts > Add Repository... but it fails with the message Authentication failed:

GitHub is working at the command line using this SSH key, why is Xcode 7 not working?

回答1:

After thinking that this was an Xcode 7 bug, because of posts like this one I finally found that the problem was actually caused by GitHub.

GitHub implemented third party access restrictions for organizations and teams which meant that any SSH keys generated before February 2014 would no longer work for new apps. Look for the section in your organization's settings pages:

I generated new SSH keys and uploaded them and my Xcode 7 bots are working fine with SSH.



回答2:

I got a similar problem with getting XCode to authenticate, but with a repository hosted on my synology NAS, running DSM 5.2 which has git-server running.

Using XCode 7.1.1 on OSX 10.11 and trying to connect to git with ssh://myUser@192.168.1.220:/volume1/git/myrepository.git results in a dialogbox "Failed to Start SSH session: Unable to exchange encryption keys(-1)".

If you enable logging on the nas /etc/ssh/sshd_config

SyslogFacility USER 
LogLevel DEBUG

And restart the SSH service ( in the synology webfrontend ), then you can then check what's going on in /var/log/messages (e.g. with nano /var/log/messages and then press ctrl+w, ctrl+v to jump to the end of the file, it's loooong). It will report something like this:

mynas sshd[24182]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.co$

So basically the client and the NAS can't agree on what 'HMAC' algorithm to use. So let's add one to the NAS ( probably lowering the security, but we have no way to change it on the xcode side, afaik ):

Login to the NAS as root and edit /etc/sshd/sshd_config and add "hmac-sha1" to the line with MACs: xxx at the very end ( WARNING: I strongly suggest to create a backup first, if you make a typo you can lose SSH-access to the box! But you can still get in using "Telnet" (enable it in your NAS' webfrontend) and use your backup. The line will look like this:

MACs hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1

Restart the SSH service and retry accessing git with XCode, and check the log again.

Nov 29 17:30:59 mynas sshd[31077]: fatal: Unable to negotiate a key exchange method [preauth]

So login to your NAS, edit the sshd_config again and let's add "diffie-hellman-group1-sha1" ( a good guess :p ) to the end of the Kexalgorithms line:

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1

Okay, restart the SSH service again, and try again to login with XCode. Now it works.

DISCLAIMER: I'm not a Linux expert, so there might be better ways to do this. Also, this lowers the security on your NAS as you are accepting less secure algorithms... but at least it works, and if anyone has better idea's, I'd love to hear it.