40

I am doing a git pull for the first time and have been prompted in git that the authenticity of host can't be established, the RSA key fingerprint isn't correct compared to the private key I generated. I was just wondering how I can update this so it reads the correct file and why does it read the wrong fingerprint in the first place?

James Dunn
  • 8,064
  • 13
  • 53
  • 87
styler
  • 15,779
  • 23
  • 81
  • 135
  • 8
    That's normal the first time you contact a remote host via SSH. Just say "yes" and continue. – Greg Hewgill Jul 12 '12 at 01:02
  • hmm, ok when i say yes i get permission denied(publickey)? – styler Jul 12 '12 at 01:04
  • Please see http://stackoverflow.com/questions/2643502/git-permission-denied-publickey and many similar questions (linked on the right hand "Related" column). – Greg Hewgill Jul 12 '12 at 01:04
  • 1
    Old question, but anyway: Also see [github docs](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/testing-your-ssh-connection). – djvg Jan 15 '21 at 16:39

6 Answers6

33

I had similar issue, which means that the remote host is unknown /untrusted. The fix is to have the remote host entry in the known_hosts file.

This is what I have done:

  1. Generate (or use existing) RSA keys and store them in the <USER.HOME>/.ssh file. If you are using eclipse, you can generate RSA keys using Preferences;

    • General -> Network Connections -> SSH2 and then select the Key Management.
    • Now Click Generate RSA Key...
    • And then Save Private Key... in the .ssh folder

  2. Now your <USER.HOME>/.ssh would contain file; private key, public key and known_hosts

  3. share your public key with your trusted hosts.
  4. Open Git Bash Promp (command prompt) and enter below command.
    • ssh -vt <user>@<hostname>
    • For Example: ssh -vt git@mygithub.com
  5. When it prompts error ... Are you sure you want to continue connecting (yes/no)?
  6. Say 'yes'
  7. Now your remote host is added to the known_hosts
  8. Done.

Now if you try pushing the file to remote, you don't see any errors.

vijay
  • 831
  • 9
  • 14
  • Didn't work for git lab, bitbucket is much better than git lab. – Asfandyar Khan Nov 29 '19 at 12:22
  • 3
    If you do not get the known_hosts file filled automatically, see https://superuser.com/a/1111974/1192848, using `ssh-keyscan -t rsa -H gitlab.com >> C:\Users\USERNAME\.ssh\known_hosts`, (example here for Windows PowerShell, but same approach works on Linux). – questionto42 Mar 11 '21 at 21:08
9

After you add your ssh key to GitLab, when you try to clone the repository, If you press keyboard Enter directly, you will get below error:

Cloning into 'hfe-insure-m'...
The authenticity of host 'git.zhonganinfo.com (100.112.23.182)' can't be established.
ECDSA key fingerprint is SHA256:IRLOr2bTvVB2rLgYVgyUibE+oLlZ0pUwU9wycc/5zYU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Make sure you enter yes when you see the below sentence, DO NOT press keyboard Enter directly.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

E.g.

Cloning into 'hfe-insure-m'...
The authenticity of host 'git.zhonganinfo.com (100.112.23.182)' can't be established.
ECDSA key fingerprint is SHA256:IRLOr2bTvVB2rLgYVgyUibE+oLlZ0pUwU9wycc/5zYU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'git.zhonganinfo.com,100.112.23.182' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 31607, done.
remote: Counting objects: 100% (31607/31607), done.
remote: Compressing objects: 100% (10365/10365), done.
remote: Total 31607 (delta 20695), reused 31485 (delta 20604)
Receiving objects: 100% (31607/31607), 21.51 MiB | 581.00 KiB/s, done.
Resolving deltas: 100% (20695/20695), done.
Lin Du
  • 88,126
  • 95
  • 281
  • 483
3

I have the same issue in Ubuntu. Just Change the permissions and enabling it for ssh-keys

good luck.

Awais Afridi
  • 128
  • 1
  • 5
1

If you are not too concerned about security, you can simply type "yes" to continue.

Alternatively, when it asks the question:

ECDSA key fingerprint is SHA256:....
Are you sure you want to continue connecting (yes/no/[fingerprint])?

you should find out the genuine SSH host key fingerprint from a reliable source (for example the company's website), copy it, and paste it as an answer to the question. Your SSH client will then check that the fingerprints match.

tom
  • 21,844
  • 6
  • 43
  • 36
shaikh nifa
  • 139
  • 1
  • 2
0

Another problem I ran into was multiple entries in the known_hosts file as well as a known_hosts2 file.

My only guess is that since I reused a host name in ./ssh/config to point to different IPs it got confused an created multiple entries.

JD Frias
  • 4,418
  • 3
  • 21
  • 24
0

There is a better answer posted here:

http://stackoverflow.com/questions/2643502/git-permission-denied-publickey

This saved me!!!

These commands only work in the git bash prompt. For windows you most likely will need to be in your c:/users//.ssh directory. and also name your key "is_rsa". passphrase is optional and if you provide on you'll be prompted for it each time you do a pull.

good luck.

RayLoveless
  • 19,880
  • 21
  • 76
  • 94