After updating Xcode from 16.2 to 16.4, my xcodebuild commands began failing with "Server SSH Fingerprint Failed to Verify" when accessing Bitbucket repositories.
During the build process, I could see Xcode's AuthenticationAgent running SSH with these arguments:
/usr/bin/ssh -v -F /dev/null -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o SendEnv=GIT_PROTOCOL git@bitbucket.org git-upload-pack 'xxx.git'
Xcode 16.4 appears to be ignoring my local ~/.ssh/known_hosts file and instead using its own managed known_hosts system (stored in IDESourceControlModernKnownSSHHostsDefaultsKey within com.apple.dt.Xcode.plist).
My local known_hosts file contains three entries for Bitbucket: ssh-ed25519, ecdsa-sha2-nistp256, and ssh-rsa. After updating Xcode to 16.4 and opening my existing project, Xcode prompted with "Xcode can't verify the identity of a repository hosted on 'bitbucket.org'" and offered a "Trust" button. When I clicked "Trust," Xcode's managed known_hosts only stored the ecdsa-sha2-nistp256 entry for Bitbucket.
I was able to resolve the issue by overwriting Xcode's managed known_hosts with the ssh-rsa Bitbucket entry from my local known_hosts file.
Also, this behavior for some reason seems to vary between machines after the same Xcode update. So on my machine, Xcode 16.4 ignores the local ~/.ssh/known_hosts. My coworker's Xcode continues to use the local ~/.ssh/known_hosts file and works normally.
What could cause Xcode 16.4 to handle SSH known_hosts differently on seemingly identical setups? Is there a hidden configuration that determines whether Xcode uses its managed known_hosts versus respecting the system's SSH configuration? Additionally, why did Xcode only store the ecdsa-sha2-nistp256 host key for Bitbucket when I clicked "Trust" instead of all available host key types, and why doesn't this single key type work?
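As an added example (not code from the original post, Xcode or OpenSSH), the script below parses known_hosts entries, computes the SHA256 fingerprints that ssh -v reports, and lists which key types the local file holds for bitbucket.org that the Xcode-managed store lacks. The keys are constructed placeholders, and modelling the Xcode store as known_hosts-format lines is an assumption.

```python
import base64
import hashlib
import hmac

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample data (not real Bitbucket keys): the local file has three
# key types for bitbucket.org, the Xcode-managed store only the ECDSA one.
LOCAL_KNOWN_HOSTS = "\n".join([
    f"bitbucket.org ssh-ed25519 {_b64(b'constructed ed25519 blob')}",
    f"bitbucket.org ecdsa-sha2-nistp256 {_b64(b'constructed ecdsa blob')}",
    f"bitbucket.org,203.0.113.7 ssh-rsa {_b64(b'constructed rsa blob')}",
    f"other.example ssh-ed25519 {_b64(b'unrelated host')}",
])
# Assumption: the Xcode store holds known_hosts-format lines (layout not verified here).
XCODE_KNOWN_HOSTS = f"bitbucket.org ecdsa-sha2-nistp256 {_b64(b'constructed ecdsa blob')}"

def hash_hostname(host: str, salt: bytes) -> str:
    """Build the hashed host field OpenSSH writes with HashKnownHosts: |1|salt|hmac."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"|1|{_b64(salt)}|{_b64(mac)}"

def host_matches(pattern: str, host: str) -> bool:
    """Match a known_hosts host field: plain, comma-separated, or |1| hashed."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in pattern.split(",")  # wildcards and '!' negation not handled

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form ssh -v and ssh-keygen -l print."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + _b64(digest).rstrip("=")

def key_types_for(text: str, host: str) -> dict:
    """Map key type -> fingerprint for every entry that applies to host."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip comments and @cert-authority / @revoked markers
        if host_matches(fields[0], host):
            found[fields[1]] = fingerprint(fields[2])
    return found

def missing_key_types(local: str, managed: str, host: str) -> set:
    """Key types the local file knows for host but the managed store lacks."""
    return set(key_types_for(local, host)) - set(key_types_for(managed, host))
```

On a Mac, the real inputs would be ~/.ssh/known_hosts and the Xcode defaults key named in the post; a non-empty result for bitbucket.org shows exactly which key types the "Trust" dialog did not record.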