Xcode seems not compatible with the ssh key RSA-SHA2 while trying to git clone from Azure

Question

Created Jun ’24

Replies 4

Boosts 2

Participants 4

Since a few days, I'm trying to fetch our private SPM repo hosted on Azure via Xcode but without success. Actually they now accept only ssh key RSA-SHA2-256 or RSA-SHA2-512.

So I created a new SSH key, but it seems the problem persists when I try to fetch spm repo or git clone via xcode:

"You’re using ssh-rsa that is about to be deprecated and your request has been blocked intentionally. Any SSH session using SSH-RSA is subject to brown out (failure during random time periods). Please use rsa-sha2-256 or rsa-sha2-512 instead. For more details see aka.ms/ado-ssh-rsa-deprecation. remote: ERROR_SSH_UNSUPPORTED_CIPHER (7) (-20)"

Even so I'm choosing the good new ssh key, it seems Xcode is sending wrong information about the new generated ssh key.

Anyone is experiencing the same here?

Boost

Answer 1

RolfGprvt OP

Jun ’24

Same here. Additionally, I added the public key to Azure, and it's shown valid there.

2

Answer 2

DTS Engineer OP

Apple

Jun ’24

Can you please file a bug report regarding the behaviors you're seeing here? Once you open the bug report, please post the FB number here for my reference.

If you have any questions about filing a bug report, take a look at Bug Reporting: How and Why?

2

Answer 3

AlexAAD OP

Jun ’24

Hi,

Here is the number -> FB13939642

Thanks for your help.

1

Answer 4

ken177 OP

Jun ’24

Hello:

I am having the same issue on two of my Macs when using Azure DevOps.

Here is a link to the Microsoft post on the brownout.

https://devblogs.microsoft.com/devops/ssh-rsa-deprecation/

I created a new 256 bit key and verified the public key is on the server and all git commands except "push" work.

When I push from a terminal it works. When I push from Xcode I get the error about the RSA-SHA2-256 requirement.

If I remove the public key from the server, or the private key from the client both the terminal "git push" and the Xcode error message change so I am fairly confident that the public and private keys are correctly installed.

One of my Macs has openssh 9.6 and the other has 9.4

Neither versions of openssh support 512bit keys. But if you attempt to create a 512bit key it will create a 256bit key with no warning. (this seems like a serious security issue)

Any help on this issue would be appreciated.

Thanks

1