Create SSH Key on Mac for Xcode

README.md

Create SSH Key on Mac for Xcode

The docs for GitHub show a command to create a key with the ed25519 encryption method which is not allowed by Xcode. Even if you are not using the Source Control features in Xcode you will often need to use an account with GitHub when you are consuming Swift packages which are pulled from GitHub.

For SSH keys there are 4 algorithms.

• 🚨 DSA: This is an older algorithm which is no longer supported and is superceded with more modern algorithms.
• ⚠️ RSA: This algorithm was an improvement but it is now outdated and a more modern method should be used.
• 👀 ECDSA: Another improvement which is dependent on your computer's ability to generate random numbers.
• ✅ Ed25519: The most recommended public-key algorithm today which you should use with GitHub.

(Source)

• Generating a new SSH key

Instead of the command shown in the docs, use ecdsa which Xcode will accept. It can be done with the command below which will create a new key in a file named id_github using the ed25519 algorithm. Use your own email for this key. If you already have a key you could move it into another folder or delete it as you won't be using it anymore.

ssh-keygen -o -a 100 -t ecdsa -f ~/.ssh/id_github -C "YOUR_EMAIL@ACME.COM"

Using id_github for the name to makes it easier to identify the purpose for this key. Once the key is created run the ssh-agent.

eval "$(ssh-agent -s)"

Add the key to the Keychain with this command.

ssh-add --apple-use-keychain ~/.ssh/id_github

Once your new key is ready follow these steps to use it.

1. Go to Settings on GitHub then to SSH and GPG keys
2. Remove any keys you won't be using anymore
3. Copy the contents of your new public key with this command: pbcopy < ~/.ssh/id_github.pub
4. Add the new key by pasting it in and use a unique label to identify it
5. Go to Developer Settings then Personal Access Tokens
6. Delete any unused tokens
7. Add a new token with an expiration and copy the token
8. Open Xcode then Preferences
9. Go to accounts and remove the GitHub account
10. Add back a GitHub account with your username and the token that was just copied
11. Select id_github as the SSH key
12. See that Xcode accepts the new key and checks it with GitHub
13. Open the Keychain app and search each keychain for id_github
14. Remove any old keys which will no longer be valid

Once these steps are completed you will be able to use Xcode with GitHub.

---

Thank you ! Have had trouble all day, getting an error from github in Xcode when trying to fetch private dependencies with SPM. Creating an ECDSA key and using it in Xcode was the solution. RSA key wouldn't work anymore since this morning and Ed25519 was not supported by my version of Xcode.

@brennanMKE I was following these steps and they didn't work. Finally I figured it out. Your ssh-keygen command says to use ed25519 but the text says to use ecdsa. Thanks for writing this up, I have it working with ecdsa now.

👌

Correct ssh-keygen command

ssh-keygen -o -a 100 -t ecdsa -f ~/.ssh/id_github -C "YOUR_EMAIL@ACME.COM"

Correct ssh-keygen command

ssh-keygen -o -a 100 -t ecdsa -f ~/.ssh/id_github -C "YOUR_EMAIL@ACME.COM"

ed25519 worked fine for me.

@antranapp

Correct ssh-keygen command

ssh-keygen -o -a 100 -t ecdsa -f ~/.ssh/id_github -C "YOUR_EMAIL@ACME.COM"

ecdsa works for me. Thanks.

Xcode 13.3
Mac OS 12.3 (M1 Pro)

OS version appears to change which command to use but I cannot say which one to use. Run man ssh-keygen to see options for type with the -t switch.

Correct ssh-keygen command

ssh-keygen -o -a 100 -t ecdsa -f ~/.ssh/id_github -C "YOUR_EMAIL@ACME.COM"

👍

What if I want to share a repo via SSH but not all the account? From step 5 the other person I am sharing the repo with would not have to login with my username

Thank you very much!!!! You saved my day dude 🤟🏾🤟🏾🤟🏾

Thank you! This was incredibly hard to figure out. I couldn't find the ecdsa format listed on Git's docs.

tried to add to keychain the ssh key generated, but got error :

ssh-add --apple-use-keychain ~/.ssh/id_bitbucket                                                                                                                        ─╯
ssh-add: illegal option -- -
usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]
               [-h destination_constraint] [-S provider] [-t life]
               [file ...]
       ssh-add -s pkcs11
       ssh-add -e pkcs11
       ssh-add -T pubkey ...

Xcode 13.3 resolved this issue: https://developer.apple.com/documentation/xcode-release-notes/xcode-13_3-release-notes#Source-Control

Xcode now supports using ED25519 public key signatures to perform git operations. You can select an existing ED25519 key from the Accounts tab in Xcode Preferences. (88897990)

tried to add to keychain the ssh key generated, but got error :

ssh-add --apple-use-keychain ~/.ssh/id_bitbucket                                                                                                                        ─╯
ssh-add: illegal option -- -
usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]
               [-h destination_constraint] [-S provider] [-t life]
               [file ...]
       ssh-add -s pkcs11
       ssh-add -e pkcs11
       ssh-add -T pubkey ...

@ThePredators - see: https://github.com/github/docs/blob/main/content/authentication/troubleshooting-ssh/error-ssh-add-illegal-option----apple-use-keychain.md and use /usr/bin/ssh-add --apple-use-keychain ~/.ssh/<key> instead.

Thanks so much! That was so easy with your explanation 🫶 🙏

Thank you! That worked perfectly

Thank you for this great help. After that what is the process to push the project to the repository through Xcode.