How to "Git Pull" - Host Key Verification Failed

Git error: Host Key Verification Failed when connecting to remote repository

You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.

The host key for domain.example has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.example or letting an SSH utility do it for you with

ssh-keygen -R domain.example

From here, record the updated key either by doing it yourself with

ssh-keyscan -t rsa domain.example >> ~/.ssh/known_hosts

or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.example) by answering yes when prompted

The authenticity of host 'domain.example (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?

The reason for this prompt is domain.example is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.example. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)

I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.

Cloning git repo causes error - Host key verification failed. fatal: The remote end hung up unexpectedly

Resolved the issue... you need to add the ssh public key to your github account.

  1. Verify that the ssh keys have been setup correctly.
    1. Run ssh-keygen
    2. Enter the password (keep the default path - ~/.ssh/id_rsa)
  2. Add the public key (~/.ssh/id_rsa.pub) to github account
  3. Try git clone. It works!



Initial status (public key not added to git hub account)

foo@bn18-251:~$ rm -rf test
foo@bn18-251:~$ ls
foo@bn18-251:~$ git clone git@github.com:devendra-d-chavan/test.git
Cloning into 'test'...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
foo@bn18-251:~$



Now, add the public key ~/.ssh/id_rsa.pub to the github account (I used cat ~/.ssh/id_rsa.pub)

foo@bn18-251:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/foo/.ssh/id_rsa): 
Created directory '/home/foo/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/foo/.ssh/id_rsa.
Your public key has been saved in /home/foo/.ssh/id_rsa.pub.
The key fingerprint is:
xxxxx
The key's randomart image is:
+--[ RSA 2048]----+
xxxxx
+-----------------+
foo@bn18-251:~$ cat ./.ssh/id_rsa.pub 
xxxxx
foo@bn18-251:~$ git clone git@github.com:devendra-d-chavan/test.git
Cloning into 'test'...
The authenticity of host 'github.com (207.97.227.239)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.
Enter passphrase for key '/home/foo/.ssh/id_rsa': 
warning: You appear to have cloned an empty repository.
foo@bn18-251:~$ ls
test
foo@bn18-251:~/test$ git status
# On branch master
#
# Initial commit
#
nothing to commit (create/copy files and use "git add" to track)

Not able to git pull - Host key verification failed

In the log you see the following text:


(...)

Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R gitlab.site.org
ECDSA host key for gitlab.site.org has changed and you have requested strict checking.
Host key verification failed.

So it is a matter of performing the command that is suggested there:

ssh-keygen -f "/root/.ssh/known_hosts" -R gitlab.site.org

BitBucket: Host key verification failed

The message says

Host key verification failed.

nothing about authentication, so you are working on the wrong field. It means that the host key of the bitbucket.org is not in your ~/.ssh/known_hosts and your client does not have any way how to verify it. It was answered many times how to workaround it, but how to do it properly?

There is section in the bitbucket manuals, describing how their public keys and fingerprint looks like. So:

  1. Run ssh bitbucket.org

  2. It will prompt you with one of the fingerprints:

    The authenticity of host 'bitbucket.org (104.192.143.3)' can't be established.
    RSA key fingerprint is SHA256:*****.
    Are you sure you want to continue connecting (yes/no)?

  3. You verify the fingerprint in the prompt is the same as on the bitbucket website:

    SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A bitbucket.org (RSA)

  4. You write yes and press enter to verify the connection works.

Or just copy the public key from the bitbucket website directly in the ~/.ssh/known_hosts file

echo "bitbucket.org,104.192.143.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> ~/.ssh/known_hosts

if nothing from the above helps, please run ssh -vvv bitbucket.org and post the output to the edited question.

Clone gitlab repository Host key verification failed. fatal: Could not read from remote repository

Typing yes is one thing. But it is sensible to check first if the fingerprint proposed is indeed the one of the remote GitLab server.

The ones for gitlab.com are shown here.

Since what you see (SHA256:eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8) matches one of those, you can type yes, and update your own c/Users/Toshiba/.ssh/known_hosts file.

There is a proposal (issue 25142) to expose those fingerprints on the server side, implemented with MR 13850 (and commit f913f7a) in GitLab 10.2 (Nov. 2017).

Automatic git pull to server: Host key verification failed

This blog post may help, the main points it suggests are:

Creating the php script like this: 

<?php
...
   echo shell_exec("/full/path/to/bin/git pull 2>&1");
...

Note: You can find the path to your (Linux) Git installation by executing which git

Then doing an initial Git pull with the apache user to make sure the remote is added to the user's known_hosts file like this:

sudo -u www git pull


Related Topics

Sorting in Bash

How Are Percpu Pointers Implemented in the Linux Kernel

Running R Scripts or Commands with Interpretor in Unix for Unix-Layman

Ssh-Keygen Accepting Stdin

How to Open a File in Assembler and Modify It

Iterating Over Lists in Makefiles

Compiling a Linux Program for Arm Architecture - Running on a Host Os

Find Command in Bash Script Resulting in "No Such File or Directory" Error Only for Directories

Force Linux to Use Only Memory Over 4G

Let Non-Root User Write to Linux Host in Docker

Linux Find Out Hyper-Threaded Core Id

Steps to Install and Run Headless Chrome Browser on Centos 6.5 Using Chrome Driver

Can't Build 32Bit Wine on 64Bit Linux

Match All Files Under All Nested Directories with Shell Globbing

Writing Memory of the Traced Process

Insert Linux Kernel Module Statically

What Does "$1/*" Mean in "For File in $1/*"

Stable Sort in Linux


Leave a reply



Submit