git - Server host key not cached

Question

I try to push changes from my local repo to a remote repo. When I type:

git push origin

I get the following error:

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Connection abandoned.
fatal: The remote end hung up unexpectedly

How can I solve this? I'm using git from the command line in Windows 7.

Edit

When I try to do a simple ssh

ssh user@hostname

I get the following error:

Could not create directory '/c//%HOMEDRIVE%%HOMEPATH%/.ssh'.
percent_expand: unknown key %H

Somehow it will not create the directory, because the path is invalid. How to fix this?

@eckes: Edit2

My Home is set to %HOMEDRIVE%%HOMEPATH% is this correct?

Seems like `$HOME` isn't set up correctly. Try to set the `HOME` environment variable on windows using `My Computer` -> right click -> `Properties` -> Tab `Advanced` -> Button `Environment Variables` — eckes, Feb 08 '11 at 10:36
I'm not a windows guy, but it does strike me as odd that after `/c//` (presumably a drive letter) you still have `%HOMEDRIVE%`... You might be able to save yourself some time by fiddling with the value yourself, and echoing it? — Cascabel, Feb 08 '11 at 14:48
Expand `HOMEDRIVE` and `HOMEPATH` and set `HOME` to the resulting value... — eckes, Feb 08 '11 at 17:03

score 179 · Answer 1 · edited Apr 26 '19 at 17:36

179

For those of you who are setting up MSYS Git on Windows using PuTTY via the standard command prompt, the way to add a host to PuTTY's cache is to run

> plink.exe <host>

For example:

> plink.exe codebasehq.com

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 2e:db:b6:22:f7:bd:48:f6:da:72:bf:59:d7:75:d7:4e
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)

Just answer y, and then Ctrl+C the rest.

Do check the fingerprint though. This warning is there for a good reason. Fingerprints for some git services (please edit to add more):

GitHub: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
Bitbucket: 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
Gitorious: 7e:af:8d:ec:f0:39:5e:ba:52:16:ce:19:fa:d4:b8:7d

edited Apr 26 '19 at 17:36

Gama11

31,714
9
78
100

answered Sep 16 '12 at 17:19

Roman Starkov

59,298
38
251
324

16

This should be the accepted answer. It's precisely what the error message is referring to. In my case when I cloned I had used a FQDN, but on my new machine I had only logged in using the short local domain name. I had to login via putty or plink as the FQDN to cache the key for the host name on the origin. It can help to cross check the hostname being used as the remote using "git remote -v". – peabody Feb 14 '13 at 04:51
3

It also works to use interactive PuTTY to the host you're trying to use. For instance, if you are trying to clone a Github repository for the first time on a fresh Windows machine, use PuTTY to open a session to the host 'github.com', accept the prompt regarding server trust, and then a clone at the command line should work. – Jeremy McGee Apr 28 '14 at 09:50
1

You can tell MSYS git is attemtping to use `plink` by running `$ set | grep GIT_SSH` and checking for `GIT_SSH='C:\Program Files (x86)\PuTTY\plink.exe'` – shuckc Aug 18 '14 at 10:50
2

I ended up resolving this by adding my key to Pageant, and accessing the host with Putty directly. This asks you to add the host to the cache. Doing the same thing. – Knossos Sep 30 '14 at 18:01
2

If your git repository is served on a custom SSH port, use `-P` to select the port, such as: `plink.exe example.com -P 2222` . I was able to clone from github but not from my personal server, and this confused me to no end. – Hay Aug 28 '19 at 18:32

score 81 · Answer 2 · edited Aug 06 '15 at 10:37

81

Try doing a "set | grep -i ssh" from the Git Bash prompt

If your setup is like mine you probably have these set:

GIT_SSH='C:\Program Files (x86)\PuTTY\plink.exe'
PLINK_PROTOCOL=ssh
SVN_SSH='"C:\\Program Files (x86)\\PuTTY\\plink.exe"'

I did a

unset GIT_SSH
unset PLINK_PROTOCOL
unset GIT_SVN

and it worked after that,.. I guess putty saves its keys somewhere else as $HOME/.ssh or something... (I've also had a problem on a box where $HOME was set to "C:\Users\usrnam" instead of "/C/Users/usrnam/"

anyway, your mileage may vary, but that fixed it for me. :-)

(probably just doing the unset GIT_SSH is enough, but I was on a roll)

Note: if unset doesn't work for you, try this:

set GIT_SSH=

edited Aug 06 '15 at 10:37

Martin Francis

57
9

answered Feb 21 '12 at 22:22

Thijs

827
6
2

1

"unset GIT_SSH" worked for me. I had set up Pageant / putty previously for a different server, but when I built new keys using the Git Bash prompt, I needed to go back. Thanks for the help. – supermitch Mar 08 '12 at 22:51
after taking your steps I got further but now I get a "currupted mac on input" error... ever seen that one? – CD Smith Mar 24 '12 at 15:23
2

When installing git you can opt to NOT set those variables. It is even the default variant. Although I chose plink integration too, that's why I'm here ) Thanks. – Antony Hatchkins Mar 25 '13 at 07:40
1

This worked for me too on Win7. Apparently git bash's setup with plink was causing the problem in my case. – nhylated Mar 29 '13 at 08:38
2

`unset GIT_SSH` worked for me too, though I have to do it everytime I launch git bash which is quite boring. Any idea on how to automate that? – Loïc Jul 19 '14 at 12:22
Man I love you so much, you have no idea !!! I was fighting this issue for the past 4 hours in a row and this is the one thing that did it - THANK YOU !!!! – Hrisimir Dakov Apr 09 '20 at 20:51

score 55 · Accepted Answer · edited Feb 14 '18 at 16:09

55

The message means that the host key of origin is not present in your trusted hosts file.

To get around this, open a plain SSH connection to origin and SSH will ask you if you want to trust the remote host (from the Git console):

$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is <FINGERPRINT>.
Are you sure you want to continue connecting (yes/no)?

If you trust the remote host (i.e. type yes), SSH will add its key to the list of known hosts.

After that, you should be able to do your git push origin.

As an alternative, you could also manually add the key of origin to .ssh/known_hosts but this requires that you adhere to the format of the known_hosts file as described in the man page of sshd (Section AUTHORIZED_KEYS FILE FORMAT).

edited Feb 14 '18 at 16:09

Luke Girvin

13,221
9
64
84

answered Feb 08 '11 at 09:39

eckes

64,417
29
168
201

4

I got the same message when doing a push to github but I can ssh to github and I do have github.com in my `known_hosts` file. – Magnus Lindhe Nov 10 '11 at 20:09
1

Look to answer below in this case – Nikita Koksharov Apr 14 '13 at 09:34
3

You can use PuTTY on windows for the same purposes, in place of a command line SSH client. – brianmearns Oct 28 '14 at 12:43
1

Make sure that the hostnames are exactly the same. For instance if you have git installed locally and use the name 'home.mydomain.com' as your remote, but store the key using putty to connect to 'localhost', that won't work. You need to connect to exactly the host name in your remote url. – Jason Goemaat Mar 18 '15 at 23:10
For me fixed trying to connect with putty to server. Lets say git url is ssh://git@example.ex.com:222/something/shop.git so I entered to putty Host name field example.ex.com and port 222. Then connection failed but I guess it added finger print where it needed. I just do not understand where it added because in my home directory known_hosts - file was not affected when I had deleted old key – Dariux May 29 '15 at 12:34

score 20 · Answer 4 · answered Apr 01 '13 at 21:40

I suspect that your GIT_SSH environment variable is set to %ProgramFiles(x86)%\putty\plink.exe. For some reason, PLink does not use the .ssh/known_hosts file in your user directory to store the remote hosts keys.

If this is actually your case, and it might be so on purpose if you want to use pageant, you need to use PLink to connect to the host first.

"$GIT_SSH" user@hostname

You should get a similar message

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 86:7b:1b:12:85:35:8a:b7:98:b6:d2:97:5e:96:58:1d
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)

Once you have answered y to the question and successfully connected to the remote host, you should be all set. Go ahead and try your push again.

This was it for me using Git Bash on windows with PLink/Pageant. Thanks so much! — amsross, Aug 22 '13 at 18:55
Using a Stash (now Bitbucket) repository, I had to use `"$GIT_SSH" -P 7999 git@stash.domain.local` — Julien, Nov 09 '15 at 11:00

score 4 · Answer 5 · answered Feb 03 '12 at 18:54

4

Just ssh'ing to the host is not enough, on Windows at least. That adds the host key to ssh/known_hosts but the error still persists.

You need to close the git bash window and open a new one. Then the registry cache is cleared and the push/pull then works.

answered Feb 03 '12 at 18:54

andynormancx

13,421
6
36
52

`ssh/known_hosts` is relativ to what?, %USERPROFILE% I am having this issue on Win 7, and no solution... – Frank N Apr 27 '12 at 13:01

score 2 · Answer 6 · edited Jul 11 '12 at 16:54

2

Rene, your HOME variable isn't set correctly. Either change it to c:\Users\(your-username) or just to %USERNAME%.

edited Jul 11 '12 at 16:54

Rob Hruska

118,520
32
167
192

answered Jul 11 '12 at 16:08

rezsa f

31
1

score 2 · Answer 7 · answered Aug 23 '12 at 15:29

Solution with Plink

Save this python script to known_hosts.py:

#! /usr/bin/env python

# $Id$
# Convert OpenSSH known_hosts and known_hosts2 files to "new format" PuTTY
# host keys.
#   usage:
#     kh2reg.py [ --win ] known_hosts1 2 3 4 ... > hosts.reg
#       Creates a Windows .REG file (double-click to install).
#     kh2reg.py --unix    known_hosts1 2 3 4 ... > sshhostkeys
#       Creates data suitable for storing in ~/.putty/sshhostkeys (Unix).
# Line endings are someone else's problem as is traditional.
# Developed for Python 1.5.2.

import fileinput
import base64
import struct
import string
import re
import sys
import getopt

def winmungestr(s):
    "Duplicate of PuTTY's mungestr() in winstore.c:1.10 for Registry keys"
    candot = 0
    r = ""
    for c in s:
        if c in ' \*?%~' or ord(c)<ord(' ') or (c == '.' and not candot):
            r = r + ("%%%02X" % ord(c))
        else:
            r = r + c
        candot = 1
    return r

def strtolong(s):
    "Convert arbitrary-length big-endian binary data to a Python long"
    bytes = struct.unpack(">%luB" % len(s), s)
    return reduce ((lambda a, b: (long(a) << 8) + long(b)), bytes)

def longtohex(n):
    """Convert long int to lower-case hex.

    Ick, Python (at least in 1.5.2) doesn't appear to have a way to
    turn a long int into an unadorned hex string -- % gets upset if the
    number is too big, and raw hex() uses uppercase (sometimes), and
    adds unwanted "0x...L" around it."""

    plain=string.lower(re.match(r"0x([0-9A-Fa-f]*)l?$", hex(n), re.I).group(1))
    return "0x" + plain

output_type = 'windows'

try:
    optlist, args = getopt.getopt(sys.argv[1:], '', [ 'win', 'unix' ])
    if filter(lambda x: x[0] == '--unix', optlist):
        output_type = 'unix'
except getopt.error, e:
    sys.stderr.write(str(e) + "\n")
    sys.exit(1)

if output_type == 'windows':
    # Output REG file header.
    sys.stdout.write("""REGEDIT4

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
""")

# Now process all known_hosts input.
for line in fileinput.input(args):

    try:
        # Remove leading/trailing whitespace (should zap CR and LF)
        line = string.strip (line)

        # Skip blanks and comments
        if line == '' or line[0] == '#':
            raise "Skipping input line"

        # Split line on spaces.
        fields = string.split (line, ' ')

        # Common fields
        hostpat = fields[0]
        magicnumbers = []   # placeholder
        keytype = ""        # placeholder

        # Grotty heuristic to distinguish known_hosts from known_hosts2:
        # is second field entirely decimal digits?
        if re.match (r"\d*$", fields[1]):

            # Treat as SSH-1-type host key.
            # Format: hostpat bits10 exp10 mod10 comment...
            # (PuTTY doesn't store the number of bits.)
            magicnumbers = map (long, fields[2:4])
            keytype = "rsa"

        else:

            # Treat as SSH-2-type host key.
            # Format: hostpat keytype keyblob64 comment...
            sshkeytype, blob = fields[1], base64.decodestring (fields[2])

            # 'blob' consists of a number of
            #   uint32    N (big-endian)
            #   uint8[N]  field_data
            subfields = []
            while blob:
                sizefmt = ">L"
                (size,) = struct.unpack (sizefmt, blob[0:4])
                size = int(size)   # req'd for slicage
                (data,) = struct.unpack (">%lus" % size, blob[4:size+4])
                subfields.append(data)
                blob = blob [struct.calcsize(sizefmt) + size : ]

            # The first field is keytype again, and the rest we can treat as
            # an opaque list of bignums (same numbers and order as stored
            # by PuTTY). (currently embedded keytype is ignored entirely)
            magicnumbers = map (strtolong, subfields[1:])

            # Translate key type into something PuTTY can use.
            if   sshkeytype == "ssh-rsa":   keytype = "rsa2"
            elif sshkeytype == "ssh-dss":   keytype = "dss"
            else:
                raise "Unknown SSH key type", sshkeytype

        # Now print out one line per host pattern, discarding wildcards.
        for host in string.split (hostpat, ','):
            if re.search (r"[*?!]", host):
                sys.stderr.write("Skipping wildcard host pattern '%s'\n"
                                 % host)
                continue
            elif re.match (r"\|", host):
                sys.stderr.write("Skipping hashed hostname '%s'\n" % host)
                continue
            else:
                m = re.match (r"\[([^]]*)\]:(\d*)$", host)
                if m:
                    (host, port) = m.group(1,2)
                    port = int(port)
                else:
                    port = 22
                # Slightly bizarre output key format: 'type@port:hostname'
                # XXX: does PuTTY do anything useful with literal IP[v4]s?
                key = keytype + ("@%d:%s" % (port, host))
                value = string.join (map (longtohex, magicnumbers), ',')
                if output_type == 'unix':
                    # Unix format.
                    sys.stdout.write('%s %s\n' % (key, value))
                else:
                    # Windows format.
                    # XXX: worry about double quotes?
                    sys.stdout.write("\"%s\"=\"%s\"\n"
                                     % (winmungestr(key), value))

    except "Unknown SSH key type", k:
        sys.stderr.write("Unknown SSH key type '%s', skipping\n" % k)
    except "Skipping input line":
        pass

Tested on Win7x64 and Python 2.7.

Then run:

ssh-keyscan -t rsa bitbucket.org >>~/.ssh/known_hosts
python --win known_hosts.py >known_hosts.reg
start known_hosts.reg

And choose to import into the registry. The keyscan will retrieve the public key for the domain (I had my problems with bitbucket), and then the python script will convert it to Plink format.

score 2 · Answer 8 · answered Aug 22 '13 at 10:19

2

Had the same issue, and forget to connect to SSH on port where is actuall repository, not just general SSH port, then the host key is different!

answered Aug 22 '13 at 10:19

Mateusz

2,287
20
28

Also use the exact same way of specifying the host, e.g. not gitserver.example.com for ssh and gitserver for git. – Matthijs P Jan 22 '14 at 14:55

score 2 · Answer 9 · answered Feb 02 '15 at 06:34

2

Just open Putty and try to establish connection to remote server you want to push your code. when the dialog appears press Yes(you trust remote) then everything would be OK.

answered Feb 02 '15 at 06:34

sadegh saati

1,168
1
13
24

score 2 · Answer 10 · edited Jun 01 '17 at 09:29

2

Working environment:

Windows 10
git
putty

First: Delete putty known_hosts in registy according to the Regedit.
Then: Executing the command %GIT_SSH% user@hostname in Window's cmd solves the problem.

Hope it helps you all.

edited Jun 01 '17 at 09:29

John Moutafis

22,254
11
68
112

answered Jun 01 '17 at 09:08

Jason 徐

21
1

score 2 · Answer 11 · answered Mar 11 '20 at 06:40

As answered by Roman Starkov, plink needs to add the host to it's cache.

For people using Git Extensions:

Open Git Extensions
Go to Tools -> Settings -> SSH
Copy the path to "plink.exe" (if using PuTTY) / "klink.exe" (if using KiTTY)
In a console, run the following command:

(replace with the actual paths)

<the path to plink/klink.exe> <address to the server>

e.g.

%ProgramData%\chocolatey\lib\kitty\tools\klink.exe codebasehq.com

Note: Make sure to use the same plink/klink that Git Extensions is using!

score 2 · Answer 12 · answered Jul 07 '20 at 13:32

If you receive the message about the unrecognized host key while doing git push/pull operations using ATLASSIAN SOURCETREE you do not have the ability to answer y/n and the push/pull operation will be aborted without caching the key. However going to SourceTree Tools->Options (General Tab) and changing the SSH Client under (under SSH Client Configuration) from PuTTY to OpenSSH will allow the key to be cached without changing anything else.

score 1 · Answer 13 · answered Feb 12 '14 at 14:00

I too had the same issue when I was trying to clone a repository on my Windows 7 machine. I tried most of the answers mentioned here. None of them worked for me.

What worked for me was, running the Pageant (Putty authentication agent) program. Once the Pageant was running in the background I was able to clone, push & pull from/to the repository. This worked for me, may be because I've setup my public key such that whenever it is used for the first time a password is required & the Pageant starts up.

You receive other error message when it's pageant issue. Not `Connection abandoned`, but something like `Access denied (private key)` — Andrey Regentov, Apr 03 '15 at 10:03

score 1 · Answer 14 · answered Mar 10 '15 at 12:08

1

Changing from PuTTY to OpenSSH fixed this issue for me, without needing to unset GIT_SSH, etc.

answered Mar 10 '15 at 12:08

79E09796

2,120
1
20
33

If you receive the message about the unrecognized host key while doing git push/pull operations using ATLASSIAN SOURCETREE you do not have the ability to answer y/n and the push/pull operation will be aborted without caching the key. However going to SourceTree Tools->Options (General Tab) and changing the SSH Client under (under SSH Client Configuration) from PuTTY to OpenSSH will allow the key to be cached without changing anything else. – Rod Dewell Jul 07 '20 at 13:30

score 1 · Answer 15 · answered Dec 16 '15 at 12:59

1

I solved similar problem using this workaround.

You just have to switch to Embedded Git, push, press Yes button and then switch back to System Git.

You can find this option in

Tools -> Options -> Git

answered Dec 16 '15 at 12:59

Pyro2266

310
2
5
18

1

Now on v2.5.5.0 location: `C:\Users\{UserName}\AppData\Local\SourceTree\app-2.5.5\tools\putty> .\plink.exe {YourNewHost}` – John Jang Jun 25 '18 at 07:39

score 0 · Answer 16 · answered Jun 01 '16 at 10:50

Adding the host directly with Bash didn't solve the issue, the error still occurred when using 'Fetch all' in Git Extensions. By using 'Pull' on one branch, the required host was added automatically by Git Extensions with a Bash pop-up screen. After doing this I was able to use 'Fetch All' again. Not sure what is done by Git Extensions differently.

score 0 · Answer 17 · answered Jan 10 '17 at 02:40

I have tried all the methods above but none of them could fix the same issue on my laptop. Finally instead of pushing the branch to origin in git bash, I trun to use TortoiseGit's push option to do the pushing, then a window pops-up to ask me to add the new host key to cache, after clicking the yes button, everything goes fine now.

Hope it helps to you all.

score 0 · Answer 18 · answered Nov 15 '18 at 07:55

0

I changed a hard disk, installed Windows. When tried to upload files received this command window.

I pressed "y", then Ctrl + C. Opened putty.exe, added an old key ther returned to git and pushed files.

answered Nov 15 '18 at 07:55

CoolMind

26,736
15
188
224

score 0 · Answer 19 · answered Sep 18 '19 at 03:40

In Windows 7 or 10, the trick that worked for me is deleting the GIT_SSH system variable. It was set before to use Plink, and now was replaced by Putty. This was causing Plink.exe error

There was also an old installation of Git (32-bit version) and updating to Git(e.g. Git-2.20.1-64-bit.exe) since the PC was 64-bit OS.

Anyway the Putty/Plink was not even used by Git since in the Git installation it was default to use Open SSH.

score 0 · Answer 20 · answered May 09 '23 at 13:44

0

I changed my SSH key and this happend. I tried some solution but it failed, and give up. Finally, I select the OpenSSH instead of PuTTY, then it works :)

answered May 09 '23 at 13:44

jngcs

11
2

score -1 · Answer 21 · answered Jul 17 '19 at 07:44

-1

Just uninstall Git Extensions and Install again by choosing OpenSSH instead of

answered Jul 17 '19 at 07:44

Kiran.vanam

74
5

git - Server host key not cached

21 Answers21

Solution with Plink

Linked