Recently github changed your ssh rsa host key. On the link https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ its possible to find a solution for how to update your file, but it doesn't work in my case. I do the whole procedure, but another error appears that does not let me connect to the repository due to an error in connection security due to my fingersprinter being different from the requested fingersprinter
Asked
Active
Viewed 712 times
2 Answers
1
Some versions of OpenSSH include the host key for the IP address as well as for the hostname. This is rather unhelpful, as IP addresses can change with DNS, but hostname tend to be more stable.
To remove the old key entirely on Linux:
$ sed -i -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31\/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi\/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==/d' ~/.ssh/known_hosts
On macOS, you need a slightly different invocation:
$ sed -i '' -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31\/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi\/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==/d' ~/.ssh/known_hosts
Then you can do the following (from the post) to fill in the host keys:
$ curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | \
sed -e 's/^/github.com /' >> ~/.ssh/known_hosts
bk2204
- 64,793
- 6
- 84
- 100
-
"$ curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | \ sed -e 's/^/github.com /' >> ~/.ssh/known_hosts" doesnt work on windows – Janio Junior Mar 25 '23 at 12:51
-
Then you can download the actual public key from the blog post and append it to your `~/.ssh/known_hosts` file (that is, the `.ssh/known_hosts` file in your home directory) with your preferred editor. – bk2204 Mar 25 '23 at 15:40
0
As a workaround, you can edit your ~/.ssh/known_host and add at the bottom:
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
It comes from the official page GitHub's SSH key fingerprints.
That should be enough.
VonC
- 1,262,500
- 529
- 4,410
- 5,250
-
This gives me the following error: Warning: the RSA host key for 'github.com' differs from the key for the IP addre ss '20.201.28.151' Offending key for IP in /c/Users/Usuário/.ssh/known_hosts:11 Matching host key in /c/Users/Usuário/.ssh/known_hosts:12 Are you sure you want to continue connecting (yes/no)? yes git@github.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. – Janio Junior Mar 24 '23 at 18:23
-
@JanioJunior Then the known_host issue should be OK. But you need to check what key is actually used: `ssh -Tv git@github.com`. What is your OS? Do you have registered a public key to your GitHub profile? – VonC Mar 24 '23 at 19:06
-
The github public key fingersprints: SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s My fingersprints after update github.com ssh-rsa: SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM Curiously this is the fingersprint for ecdsa from github. – Janio Junior Mar 25 '23 at 12:40