UNC Campus Git: Updating the SSH known_hosts file

Tags Git Gitlab

This article covers how to update the known_hosts file.

Known Issue

As part of change 153423, we upgraded our Gitlab environment. This resulted in the SSH host key changing, which has caused SSH authentication errors for some git clients that recognize the host has changed.

Error messages will appear similar to the following (depending on your git client, the error may be slightly different):

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:SPpItarCf8+DtGv1GXnZaiep/gOYGuY2ATBP1i9XLhk.
Please contact your system administrator.
Add correct host key in /Users/username/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /Users/username/.ssh/known_hosts:17
Host key for sc.unc.edu has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

Resolution

In order to resolve this, you can do the following (using the example above, replace the path with the path provided to you):

  • Open /Users/username/.ssh/known_hosts
  • Find the line mentioned (in this case, 17)
    • Note, there may be more than one line for sc.unc.edu. If so, you may need to remove them all.
  • Delete the line
  • Save the file

Now, the next time you perform an SSH authentication, you should see this message:

$ git clone git@sc.unc.edu:onyen/coinflip.git
Cloning into 'coinflip'...
The authenticity of host 'sc.unc.edu (172.27.206.60)' can't be established.
ED25519 key fingerprint is SHA256:SPpItarCf8+DtGv1GXnZaiep/gOYGuY2ATBP1i9XLhk.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Make sure you type yes and press enter.

You should then see this message:

Warning: Permanently added 'sc.unc.edu' (ED25519) to the list of known hosts.

After performing these steps, you should be able to successfully clone your repositories with SSH keys again.

 

If you have any questions or comments about this process or the Git service, please send an email to git@unc.edu

Print Article