Why Does This Happen?
When running the git clone
command with an SSH remote host link, you may get an error like the following:
git clone git@github.com:organization/my-repository.git
Cloning into 'my-repository'... @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:<...>. Please contact your system administrator. Add correct host key in /Users/<your-user>/.ssh/known_hosts to get rid of this message. Offending RSA key in /Users/<your-user>/.ssh/known_hosts:1 Host key for github.com has changed and you have requested strict checking. Host key verification failed. fatal: Could not read from remote repository.
The error message is warning you that the SSH key fingerprint of the remote repository you're trying to clone does not match the one stored in your "known_hosts
" file.
The known_hosts
file is where SSH stores the fingerprints of hosts you've connected to using SSH. This file helps ensure that you're connecting to the right host and not a fake one set up by an attacker.
This error message typically appears when the SSH host key of the remote repository changes, which could indicate one of the following:
- A change on the remote server, or;
- A man-in-the-middle attack.
How to Fix the Issue?
To resolve this issue, you can edit the known_hosts
file and do the following:
- Remove the line that corresponds to the remote repository's old SSH key fingerprint, and;
- Re-clone the repository.
Alternatively, you can add the new SSH key fingerprint to your known_hosts
file by running the following commands:
ssh-keygen -R github.com ssh-keyscan github.com >> ~/.ssh/known_hosts
The first command removes the old key from your known_hosts
file, and the second command adds the new key to the file. After running these commands, you can try cloning the repository again.
If this does not work for you, then you can try either of the following:
- Only run the first command (i.e.
ssh-keygen -R <ip-or-host>
) to remove the old key from yourknown_hosts
file, and clone the repository again, or; - Remove the
known_hosts
file altogether (e.g. by runningrm ~/.ssh/known_hosts
), and clone the repository again.
In either case, git should prompt you to save the new key.
Please note that the tilde character (~
) in the directory is merely a shortcut referring to the home directory of the current user. This means that "~/.ssh/known_hosts
" is equivalent to "/Users/<your-user>/.ssh/known_hosts
", where <your-user>
is the name of the current user. Therefore, you can use either of the paths to locate and edit the known_hosts
file, as they will both lead you to the same file on your system.
This post was published (and was last revised ) by Daniyal Hamid. Daniyal currently works as the Head of Engineering in Germany and has 20+ years of experience in software engineering, design and marketing. Please show your love and support by sharing this post.