Adding a GitHub repository in Xcode 7 using SSH authentication gives an authentication error

前端 未结 2 1517
挽巷
挽巷 2021-01-19 21:07

I\'m trying to set up a Bot in Xcode 7 for integration testing. As part of setting this up I am adding a remote repository to the project using Xcode > Preferences > Ac

相关标签:
2条回答
  • 2021-01-19 21:33

    After thinking that this was an Xcode 7 bug, because of posts like this one I finally found that the problem was actually caused by GitHub.

    GitHub implemented third party access restrictions for organizations and teams which meant that any SSH keys generated before February 2014 would no longer work for new apps. Look for the section in your organization's settings pages:

    I generated new SSH keys and uploaded them and my Xcode 7 bots are working fine with SSH.

    0 讨论(0)
  • 2021-01-19 21:44

    I got a similar problem with getting XCode to authenticate, but with a repository hosted on my synology NAS, running DSM 5.2 which has git-server running.

    Using XCode 7.1.1 on OSX 10.11 and trying to connect to git with ssh://myUser@192.168.1.220:/volume1/git/myrepository.git results in a dialogbox "Failed to Start SSH session: Unable to exchange encryption keys(-1)".

    If you enable logging on the nas /etc/ssh/sshd_config

    SyslogFacility USER 
    LogLevel DEBUG
    

    And restart the SSH service ( in the synology webfrontend ), then you can then check what's going on in /var/log/messages (e.g. with nano /var/log/messages and then press ctrl+w, ctrl+v to jump to the end of the file, it's loooong). It will report something like this:

    mynas sshd[24182]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.co$
    

    So basically the client and the NAS can't agree on what 'HMAC' algorithm to use. So let's add one to the NAS ( probably lowering the security, but we have no way to change it on the xcode side, afaik ):

    Login to the NAS as root and edit /etc/sshd/sshd_config and add "hmac-sha1" to the line with MACs: xxx at the very end ( WARNING: I strongly suggest to create a backup first, if you make a typo you can lose SSH-access to the box! But you can still get in using "Telnet" (enable it in your NAS' webfrontend) and use your backup. The line will look like this:

    MACs hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1
    

    Restart the SSH service and retry accessing git with XCode, and check the log again.

    Nov 29 17:30:59 mynas sshd[31077]: fatal: Unable to negotiate a key exchange method [preauth]
    

    So login to your NAS, edit the sshd_config again and let's add "diffie-hellman-group1-sha1" ( a good guess :p ) to the end of the Kexalgorithms line:

    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
    

    Okay, restart the SSH service again, and try again to login with XCode. Now it works.

    DISCLAIMER: I'm not a Linux expert, so there might be better ways to do this. Also, this lowers the security on your NAS as you are accepting less secure algorithms... but at least it works, and if anyone has better idea's, I'd love to hear it.

    0 讨论(0)
提交回复
热议问题