Every time I push to my repo, a new ECDSA host key is for IP address is permanently added #27405
-
Hello, I have set up ssh on my device, and can push to my repo successfully, but every time I do, I get this warning: Warning: Permanently added the ECDSA host key for IP address '140.00.xxx.x' to the list of known hosts. My known_hosts file is then updated with the new IP with a fingerprint that I do not recognize. The IP address that proceeds each fingerprint increments/decrements by one number for each new row that is added to the file, but the fingerprint that I am not recognizing stays the same. I have tried to add the following to my ~/.ssh/config file:
Also, when I run Is this something that I should be concerned about? |
Beta Was this translation helpful? Give feedback.
Replies: 13 comments 23 replies
-
I found this which suggests that the 140 IP is apart of the subnet mask that covers the range 140.82.112.1 - 140.82.127.254. I believe this suggests that my warning is nothing to worry about? |
Beta Was this translation helpful? Give feedback.
-
GitHub has multiple IP addresses, and if SSH encounters a new one but the fingerprint still matches one known for the hostname you get that warning. So as long as the fingerprint is one of the published ones it's nothing to worry about. 😺 However you should remove the line you've added to |
Beta Was this translation helpful? Give feedback.
-
How can I SOLVE THIS PROBLEM |
Beta Was this translation helpful? Give feedback.
-
Possible explanations for incorrect fingerprints:
The latter is a reason to not ignore host key checks for automated deploys. Instead, I'd suggest to manually add the key once, and store it in your container. I think the fingerprint is not correct right now, because it changes for successive requests to the same IP. git fetch Warning: the ECDSA host key for 'github.com' differs from the key for the IP address '140.82.121.3' -> type yes git fetch Warning: the ECDSA host key for 'github.com' differs from the key for the IP address '140.82.121.3' Sometimes the IP address is 140.82.121.4 , but the issue is the same. Edit: added one more reason to 'possible explanations', thx @blzzua |
Beta Was this translation helpful? Give feedback.
-
i had same problem. just remove record with hashed hostname in /home/user/.ssh/known_hosts:18 |
Beta Was this translation helpful? Give feedback.
-
Since github recently changed their RSA key, this might be helpful to clean up your known_hosts file. for ip in $(for i in $(seq -f "140.82.%g.%%g" 112 127); do seq -f $i 1 254; done); do ssh-keygen -R $ip; done (Assuming the IP range is as stated in this thread.) This would let you keep hashing of known_hosts enabled and just start using the new public key without being prompted every time you connect to a different IP. |
Beta Was this translation helpful? Give feedback.
-
Perhaps not strict as some other solutions in this thread, but this addition to
|
Beta Was this translation helpful? Give feedback.
-
Remove the cached key for "'140.00.xxx.x" on the local machine: |
Beta Was this translation helpful? Give feedback.
-
For those on the 'simple' side (the kind way of saying 'dumb') both the hostname 'github.com' and any IP you may have ever encountered that results from a lookup of 'github.com' is stored in your Note, the only reason you are doing this is because you have been alterted by github.com that their keys rotated. If you ever encounter this, you always should reach out to the host and ask if something really did change. If it didn't change, then consider yourself at risk until you can determine otherwise. Knowing that github.com has changed their keys, you now proceed with the below instructions feeling reasonably safe. This is like getting a certified, potentially dangerous package of chocolates with a note "just eat this!" from "Jane Smith at 123 Main St.". So, once you got passed the MITM attack with Rather than predicting all the IP addresses you have ever encountered while asking for github.com, just You should only have to do this two, maybe 3 times, depending on what your computer has seen in the past. me: and it stopped.
Removing your entire |
Beta Was this translation helpful? Give feedback.
-
For me, the 3 steps noted above (and here) had to be run twice. Ran them once and git pull still the error. Ran them again, and so far all git commands are clean (knock on wood)
|
Beta Was this translation helpful? Give feedback.
-
GitHub recommends to ignore security warnings. |
Beta Was this translation helpful? Give feedback.
-
None of the examples above worked for me. But finally I've found the solution: |
Beta Was this translation helpful? Give feedback.
-
I read that github has multiple IP addresses but what I don't understand at all is why just the second command found the ip address from github that the first one couldn't.
|
Beta Was this translation helpful? Give feedback.
GitHub has multiple IP addresses, and if SSH encounters a new one but the fingerprint still matches one known for the hostname you get that warning. So as long as the fingerprint is one of the published ones it's nothing to worry about. 😺
However you should remove the line you've added to
~/.ssh/config
, that has nothing to do with host key checking. 😅