DEV Community

Mattia Orfano
Mattia Orfano

Posted on

3 1

RSA host key changed for github.com

#github

As recently announced, Github replaced their RSA SSH host key used to secure Git operations for GitHub.com as a security measure.

This "small" change will affect all your future deploys and you might encounter errors like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /home/project/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/project/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/project/.ssh/known_hosts" -R "github.com"
RSA host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.
Enter fullscreen mode Exit fullscreen mode

Even following Github's advice I wasn't able to fix the error and I had to tweak a little bit...

First, ensure you have an updated SSH key in your project's "deploy keys". Go to Github.com, enter your repository, go to Settings>Deploy Keys and create/update the existing ones.

Then, on your local machine (as well as your remote server that serves your web application) run the following:

ssh-keygen -R github.com
ssh-keyscan github.com > ~/.ssh/known_hosts
Enter fullscreen mode Exit fullscreen mode

Now, try again to deploy your code.

If you see another error like this:

The authenticity of host 'github.com (140.82.121.4)' can't be established.
       ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM.
Enter fullscreen mode Exit fullscreen mode 
Warning: the ECDSA host key for 'github.com' differs from the key for the IP address '140.82.121.4'
       Offending key for IP in /home/project/.ssh/known_hosts:1
       Matching host key in /home/project/.ssh/known_hosts:4
Enter fullscreen mode Exit fullscreen mode

you have to remove the specified IP address from known_host. Run the following command:

ssh-keygen -R "140.82.121.4"

Retry later

Top comments (0)

Retry later
Retry later