3

Been searching several times to find the answer to this issue. Hope someone else has similar settings.

  1. I am using MacOS Big Sur. Vscode 1.61.2

  2. I am working remotely from office and laptop has zscaler installed.

  3. In Vscode terminal all git push/pull etc works fine with my id_rsa.

  4. Using inbuilt Vscode menu / icons doing the same thing all fail with host key verification failed.

  5. When using terminal inside or outside vscode, there is always a "warning: the RSA host key for <GitHub internal site> differs from the key for the IP address xxx.xx.xx.xx' Are you sure you want to continue?I have to enter yes, then git operation executes OK.

I believe above is due to zscaler app.

Q. Is the above prompt causing in-built vscode git calls to fail? Any way around it?

I'm pretty sure this basic inbuilt SCM works for everyone with remote repos.

torek
  • 448,244
  • 59
  • 642
  • 775
DodgyD
  • 31
  • 2
  • It's not zscaler, it's the fact that the RSA host key for your site changed. You may have multiple servers implementing the internal site; if so, you should make sure they all provide the *same* host key to clients, so that the clients can see that they're all providing the same data. (This is generally an ssh issue, since SSL site checking uses a different method.) – torek Oct 25 '21 at 06:13
  • Thanks, but that's not the reason. It works EVERY SINGLE TIME from a terminal but NEVER from vscode built in options. – DodgyD Oct 25 '21 at 08:32
  • It's still the issue. Clear out the old, incorrect key from the known_hosts file, and put the correct key in, so that you don't get the complaint. Presumably vscode is just disabling the interactive "should I continue" option, so that the answer is always "no, don't continue". See [this ServerFault Q&A](https://serverfault.com/q/321167/549786). – torek Oct 25 '21 at 16:31
  • Hi @torek...I do apologise, I misread RSA key when you said RSA host key. Your solution is working. I'll know what to do if this happens again! – DodgyD Oct 26 '21 at 05:20
  • In this scenario, the old RSA host key likely isn't actually incorrect. It's simply that the old RSA host key is the actual one from GitHub while @DodgyD is no longer connecting to GitHub directly, but to zScaler - which then acts as a man-in-the-middle between them and GitHub. Removing the actual GutHub RSA host key from `known_hosts` may work in practice in this scenario, but it's dubious from a security perspective. – Dreamer Aug 16 '23 at 15:25

1 Answers1

0

I believe it is a zscaler making VPN less secure one solution at a time. Seeing you are not logging directly into your final host - it seems the RSA key is whatever host is playing as intermediary for the connection.

Mark Tremblay
  • 1