You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 4, 2023. It is now read-only.
I have two systems each running Xcode Server. Since around the 16th, both are unable to sense commits to repos and therefore do not trigger builds. When I investigate the server bot settings, I see the message that "SSH fingerprint could not be verified". I told both systems to trust the fingerprint, and all was good for one week. Then it happened again yesterday, and a colleague pointed me to the github blog post: https://github.blog/2021-09-01-improving-git-protocol-security-github/
I rotated one system to ecdsa, and this morning I realized this ssh-key-algo script exists.
So I ran ssh-key-algo on the server that is yet to update and I'm told "You're using an RSA key with SHA-2 (algorithm rsa-sha2-512). You're all set!"
That is the same key type that was failing on both of my servers. The ecdsa system also tells me "You're all set!" but this morning I see that server encountered a fingerprint problem again after updating in accordance with the blog post.
I can't tell if this means that this script is giving me a false positive, or if there is something deeper wrong.
The text was updated successfully, but these errors were encountered:
There's two things going on here. New host keys were added, which is where your "SSH fingerprint could not be verified" is most likely coming from. Because the host key changed, your ssh library is no longer happy with the fingerprint of the server key, and is thus erroring out.
This script on the other hand is about checking whether the key on your local system will still be accepted by the server, which seems to be the case.
I'm not sure which library you are using that is telling you "SSH fingerprint could not be verified" (a quick search for that exact error message didn't seem to turn up anything, so I'm not quite sure which one it is and it's hard to give specific advice), but you probably need to make sure that this library is accepting the new host keys.
@tgummerer Thank you for the information. The error is coming from within Xcode's GUI interface to the Xcode Server component. Presumably it is using whichever SSH comes with installing Xcode tools. Previously, I never had to think about this aspect of the process; it was just something Xcode Server handled automatically. I'm unclear why Xcode is unable to adapt to these new keys as gracefully as it did in the past. I'll push forward with this information, thank you.
I have two systems each running Xcode Server. Since around the 16th, both are unable to sense commits to repos and therefore do not trigger builds. When I investigate the server bot settings, I see the message that "SSH fingerprint could not be verified". I told both systems to trust the fingerprint, and all was good for one week. Then it happened again yesterday, and a colleague pointed me to the github blog post: https://github.blog/2021-09-01-improving-git-protocol-security-github/
I rotated one system to ecdsa, and this morning I realized this ssh-key-algo script exists.
So I ran ssh-key-algo on the server that is yet to update and I'm told "You're using an RSA key with SHA-2 (algorithm rsa-sha2-512). You're all set!"
That is the same key type that was failing on both of my servers. The ecdsa system also tells me "You're all set!" but this morning I see that server encountered a fingerprint problem again after updating in accordance with the blog post.
I can't tell if this means that this script is giving me a false positive, or if there is something deeper wrong.
The text was updated successfully, but these errors were encountered: