Xcode 12 git with "ssh://" and private key still broken

I've been able to both trigger and repair this problem.

To trigger the bug (this is reliable, but is not the shortest method):

• Create a new local user (to be sure of no previous state)

• Do not create the .ssh directory or your public & private keys yet

• Use Xcode to try and clone the source.

• Xcode, "Source Control", "Clone ...", paste the URL into the "Enter repository URL" field at the top.

• Use a URL of the form "ssh://remoteuser@host.com/Users/remoteuser/path/repo.git". I.e. both SSH and non-default remote username.

• In the username authentication dialog that pops up, switch from "Username and Password" to "SSH Keys"

• Xcode notices you don't have ssh keys yet, and offers to create them. Hit "Create Key"

• Give it a passphrase, let it save your keys in the default .ssh directory.

• Minor bug: the dialog still thinks there are no existing keys. Hitting "SSH Keys" again will get it to notice they exist now.

• Hit Clone, then Trust to accept the remote hosts's id.

• Now it (appropriately) fails and you see "Unknown error" in the dialog. Hit cancel to dismiss the dialog window.

• Hit Clone again with the same URL.

• Now you get "An unknown error occurred" and "username does not match previous request (-1)"

The real error is that your newly created public key is missing from the remote .ssh/authorized_keys file, but this is the message you get from Xcode.

And now it's stuck. Additional attempts to clone just gets the same error message without the username/password dialog prompts.

And even after fixing ssh by adding your public key to the remote user's .ssh/authorized_keys file, Xcode is still stuck with the same error message.

There are many other (far shorter) ways to get stuck with this failure, but this demonstrates that there is no "previous request" or previous saved-state involved. The basic idea is that if Xcode's use of ssh fails you will get a bogus error message from Xcode about not matching previous requests and it is stuck.

To repair:

• Quit Xcode if it's still running

• If still needed, fix your ssh problem (e.g. add your public key to the remote user's .ssh/authorized_keys).

• Test git in a shell (not in Xcode). E.g. "cd /tmp ; git clone ssh://remoteuser@host.com/Users/remoteuser/path/repo.git"

• Delete Xcode's preferences file in ~/Library/Preferences/com.apple.dt.Xcode

• Reboot. Let me shout that. You MUST REBOOT your computer at this point.

Now when you try and clone it with Xcode you'll get the username/password dialog with "SSH Keys" selected and a request to unlock the passphrase. Give it the passphrase and the clone will work. And then next time it'll even fetch your passphrase from your keychain and you won't need to type it again.

If you really really don't want to just delete your prefs file, you can do surgery on it to fix it, but it's pretty silly:

With Xcode not running:

• cd ~/Library/Preferences

• plutil -convert xml1 com.apple.dt.Xcode

(or use a plist editor that can process binary files)

• edit com.apple.dt.Xcode and find the key "IDESourceControlKnownSSHHostsDefaultsKey"

• delete both the key and its data. Save and ...

• REBOOT

To repeat, after deleting or editing the prefs file you need to reboot. Quit and relaunch of Xcode is not enough. Logout and logging in again is not enough. There's some (tbd) account/identity daemon/state file that Xcode is chatting with that's caching the old bogus info.

Additional notes:

• the occasional duplicate entries in the prefs file under DVTSourceControlAccountDefaultsKey appear to be minor issues that can be ignored.

• Xcode's use of ssh appears to just ignore the "User" directive in .ssh/config.

• This was tested with Xcode Version 12.3 (12C33) under MacOS 11.1.

I've had some success using the notes provided by guyton. I have 2 machines which were both exhibiting this problem. I followed the same procedure on both:

created key pair and exported the public key to the remote server successfully
verified that I can access remote using command line git clone

With Xcode not running:

(1) delete the IDESourceControlKnownSSHHostsDefaultsKey using defaults utility:
defaults delete com.apple.dt.xcode IDESourceControlKnownSSHHostsDefaultsKey
(2) REBOOT machine
(3) start Xcode and attempt to clone a project

On one machine this worked perfectly - Xcode showed the dialog for picking ssh key pair to use and then cloned the remote project as expected. All other projects again allow remote push, pull, etc.

However on the other machine, I still get the -1 error. I suspect it has something to do with ssh environment but do not really know how to troubleshoot the problem. Any suggestions would be appreciated.

It seems like I have this problem—everything had been fine until I rebooted after updating to Big Sur 11.2.1 this morning—but the supplied solution doesn't fix it.

After rebooting should I first git fetch in one of my repos (which has the side-effect of adding the ssh key to the ssh agent, visible when I ssh-add -l) or not?

For others having this problem a simple way to delete that key from Xcode's preferences plist without deleting the whole thing or hand-editing is to use PlistBuddy:

Code Block 
/usr/libexec/PlistBuddy -c "Delete :IDESourceControlKnownSSHHostsDefaultsKey" ~/Library/Preferences/com.apple.dt.Xcode.plist

No need to reboot in my experience as long as you kill the ssh-agent -l process after editing the plist. Hope this helps :-)

I would like to express my appreciation for the comments here, as it resolved the problem I was having. I could "git clone", "git fetch", "git pull", whatever from the command line using ssh keys while talking to a local server machine just fine, but was unable to get Xcode (12.4 running on macOS 11.2.3) to cooperate. It would complain about its inability to authenticate using the ssh key. The steps here allowed me to resolve the problem, but the steps were scattered about a bit. I thought I might contribute by combining them:

• Quit Xcode if it's still running

• If still needed, fix your ssh problem (e.g. add your public key to the remote user's .ssh/authorized_keys).

• Test git in a shell (not in Xcode). E.g. "cd /tmp ; git clone ssh://remoteuser@host.com/Users/remoteuser/path/repo.git"

(in Terminal...)

Code Block 
$ defaults delete com.apple.dt.xcode IDESourceControlKnownSSHHostsDefaultsKey
$ sudo killall ssh-agent

• start Xcode and attempt to clone a project into a temporary directory using your ssh://... URL

After completing those steps, I was able to open the original project which was causing grief in Xcode, and could successfully pull, fetch, whatever.

For the benefit of future Google searches:

xcode git ssh authentication failed because the credentials were rejected
xcode 12 authentication failed because the credentials were missing
xcode 12 authentication failed because the credentials were rejected
xcode git ssh authentication failed, works OK from command line

A minor contribution, but it's a start...

Uncle!

This worked until I quit and relaunched Xcode, with absolutely no other actions taken between the termination and launch. I'll rely on the command line or username/password from now on, at least until they get the bug fixed.

Xcode seems to not like ed25519 encrypted ssh keys. Try removing those, and replace with rsa keys instead.

In case it helps anyone:

In my currently used Xcode version (15.2) I could tap on any ssh errors inside of the build log. This opens a modal for me where I can select any other key.