SPM + GitLab: The server SSH fingerprint failed to verify

Hello, we’re consuming a private Swift package which is being consumed via ssh in Xcode.
We’re unable to resolve the dependencies because we’re unable to add GitLab as a known host.

I’ve followed the instructions in this thread to no avail:

The script we are using is:

for ip in $(dig @8.8.8.8 gitlab.com +short); do ssh-keyscan gitlab.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts

The script is placed after the SSH key activation and git clone:

The content of our lane is:

desc "Run all tests"
lane :run_all_tests do
  xcodebuild(xcargs: '-resolvePackageDependencies')
  scan(project: 'Samples.xcodeproj', scheme: 'Sample', device: 'iPhone 12 Pro Max')
end

Are there any known intricacies with GitLab specifically? Any ideas on how we can make this work?

Same issue here: Cant authorize Swift package installation from Gitlab

Passing the SSH key type to the ssh-keyscan command using -t ecdsa solved the problem for us!! :raised_hands:
GitLab is using OpenSSH as the SSH client and, as it turns out, OpenSSH prefers the ECDSA key type if the server provides it, and the GitLab server does provide this type of key along with other types. If you don't pass the key type, all the available keys are fetched from GitLab and written to your known_hosts file. However, I noticed that in the process of fetching these keys and writing them to the ~/.ssh/known_hosts file, sometimes the ECDSA key comes after the RSA key, and that causes the verification failure. So just kill the noise and fetch the key that the client is looking for. Long story short, here is the command that should do it for you:

for ip in $(dig @8.8.8.8 gitlab.com +short); do ssh-keyscan -t ecdsa gitlab.com,$ip; done 2>/dev/null >> ~/.ssh/known_hosts

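The commands in this thread append whatever ssh-keyscan returns to known_hosts, and that output is not authenticated by anything. As an added example (not code from any poster in this thread), the sketch below accepts scanned entries only when they match a host key pinned out of band. The names `verify_scan` and `pin_host` are hypothetical, and `PINNED_KEY` is a constructed placeholder to be replaced with the key the host operator publishes.

```shell
#!/bin/sh
# Added example: filter ssh-keyscan output against a host key pinned out of band.
# PINNED_KEY is a constructed placeholder, NOT a real GitLab host key.
PINNED_TYPE="ecdsa-sha2-nistp256"
PINNED_KEY="AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAICONSTRUCTEDPINNEDKEY"

# verify_scan TYPE KEY
# Reads "hosts keytype base64key" lines (ssh-keyscan format) on stdin.
# On success prints each accepted host entry once and returns 0.
# Returns 1 and prints nothing on stdout if any line of TYPE carries a
# different key, or if no line of TYPE matched at all.
verify_scan() {
  awk -v type="$1" -v key="$2" '
    /^#/ || NF < 3 { next }                  # skip comments and blank lines
    $2 != type     { next }                  # ignore other key types
    $3 != key      { printf "host key mismatch for %s\n", $1 > "/dev/stderr"
                     bad = 1; next }
    !seen[$1]++    { out = out $1 " " $2 " " $3 "\n" }   # drop duplicates
    END            { if (bad || out == "") exit 1
                     printf "%s", out }
  '
}

# pin_host HOST FILE
# Scans HOST and appends entries to FILE only if every scanned key of the
# pinned type matches; a mismatch leaves FILE untouched and returns 1.
pin_host() {
  scanned=$(ssh-keyscan -t ecdsa "$1" 2>/dev/null |
            verify_scan "$PINNED_TYPE" "$PINNED_KEY") || return 1
  printf '%s\n' "$scanned" >> "$2"
}
```

In a CI step this would be called as `pin_host gitlab.com ~/.ssh/known_hosts || exit 1`, so a key that differs from the pinned one fails the build instead of being trusted.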

Solved the problem! :raised_hands:
