I started seeing this warning
A few months back after coming back from the weekend, I started seeing the below warning below in the terminal. I was working on a GitHub project.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
This was an odd change, as I was working on the project a few days prior without issue. This error occurred whenever I tried to push updates to the remote repository on GitHub.
This was the somewhat cryptic warning that stood out.
π The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
It took a few minutes of troubleshooting to finally realize the phrases remote host
and please contact your system administrator
where important here. After a bit of searching, I came across this article for the potentially comprised GitHub RSA SSH Key - https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/.
I was surprised by the unexpected non-warning, though after reading the article I could see why this happened. Next week, I'll get into why this was such a big deal, especially for automated CI/CD pipelines and distributed teams.
Photo credit to Vidi Drone on Unsplash
Top comments (0)