Xcode asking for ssh at every build, because a shell script uses ssh

Lravid

I have a custom Xcode run script phase that uses ssh to check its submodule's up-to-date status.
But since I set it up to use the ssh keys via 1Password, every time I build the project, it asks for the key:
"1Password is trying to allow "ssh" to use the key "key_name" for SSH."

Is there any way around this without exporting the private keys from 1Password?

---

1Password Version: 8.10.3
Extension Version: Not Provided
OS Version: macOS 13.2.1
Browser:_ Not Provided

MartonS1P

Hey @Lravid, thanks for reaching out about this issue you're encountering.

If you'd like to, you could try switching to the nightly channel to try out the new SSH authorization prompts. With these prompts, whenever you get prompted for SSH access you'll be able to tick the Approve for all applications checkbox, to not get prompted again for the same key until your approval expires.

If you'd like to stay on the production channel, you'll have to wait a bit longer for the new authorization prompts to be released.

Lravid

Hi Marton, thank you for the fast response.
I tried the nightly build and it looks like it's working!

Could this also be a solution to that it was worthwhile to turn off auto fetch in git clients because of random prompts?

MartonS1P

Glad to hear it works, @Lravid!

Regarding autofetch requests popping up prompts at random times: in the latest nightly the app does its best to detect when a request is caused by a git autofetch or other background process and it will not bother you with prompts in those cases. Instead it will show a red dot on the app's tray/menubar icon, which you can click if you still want to see the SSH authorization prompt.

Of course, checking the checkbox for some frequently used SSH keys will also decrease the overall frequency of prompts.

Lravid

I've been using it for a couple of days with auto fetch turned on, and so far it seems to be working pretty well, with no random prompts.
The only thing I've noticed and can't see what it's based on so far is whether the "Approve for all application" checkbox on the alert is already checked or not. What does this depend on?

MartonS1P

@Lravid the checkbox state will be remembered on a per-key basis. So the "Approve for all application" checkbox will be checked by default if you have checked it last time you've authorized access to that key.