If you are using Swift Package Manager as part of the
xcodebuild process, you may find that this fails with the following error message:
xcodebuild: error: Could not resolve package dependencies: Authentication failed because the credentials were rejected
xcodebuild: error: Could not resolve package dependencies: The server SSH fingerprint failed to verify.
This issue will only occur when trying to access private git repos when using SSH key authentication.
This is caused by a bug in the way that
xcodebuild handles SSH keys and has been a known bug since the debut of Xcode 11, occurring both locally, but more specifically, in a CI environment.
xcodebuild does not conform to the system ssh config and does not access the keys CircleCI stores in
ssh-agent. We can work around this by requesting Xcode uses the main system version of ssh which will behave as expected.
The workaround for this is to add the following lines to your config file, directly after the
- run: sudo defaults write com.apple.dt.Xcode IDEPackageSupportUseBuiltinSCM YES
- run: rm ~/.ssh/id_rsa || true
- run: for ip in $(dig @220.127.116.11 bitbucket.org +short); do ssh-keyscan bitbucket.org,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true
- run: for ip in $(dig @18.104.22.168 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true