25

I recently got the following error today when I tried to fetch, pull or push my code from/to my usual GitHub repository:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.

I struggled to figure out how to solve it and where it was coming from.

Jérémy
  • 1,790
  • 1
  • 24
  • 40

1 Answers1

35

Hopefully they posted an article yesterday about it!

Long story short, here is the answer to you problem:

ssh-keygen -R github.com
curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts

But don't trust me blindly and have a look to the blog post: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

Jérémy
  • 1,790
  • 1
  • 24
  • 40
  • 2
    Might be useful to mirror the fingerprint of the new correct key here: `SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s` (but obviously double-check in the article!) – Joachim Sauer Mar 24 '23 at 13:07