Answer yes in a bash script

39,061

Solution 1

Add the following to your ~/.ssh/config file:

Host github.com
    StrictHostKeyChecking no

Anything using the OpenSSH client to establish a remote shell (which the git client does) should skip the key checks to github.com.

This is actually a bad idea since any form of skipping the checks (whether you automatically hit yes or skip the check in the first place) creates room for a man in the middle security compromise. A better way would be to retrieve and validate the fingerprint and store it in the known_hosts file before needing to run some script that automatically connects.

Solution 2

Running ssh-keyscan -H github.com >> ~/.ssh/known_hosts before cloning will add the key and prevent the prompt from appearing.

Of course this approach is also vulnerable to a MITM attack.
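The "retrieve and validate the fingerprint" step from Solution 1, applied to the ssh-keyscan output from Solution 2, as an added example that is not part of the original answers. The helper names `key_hex`, `pin_hex` and `add_pinned` are hypothetical, and the pin is assumed to be the SHA256 fingerprint the provider publishes, copied over a separate trusted channel.

```shell
#!/bin/sh
# Added example (not from the original answers): append a scanned host key to
# known_hosts only if its SHA256 fingerprint equals a pinned, published value.
# Uses only coreutils/awk, so no key is trusted on first contact.

# Hex SHA-256 of the key blob (3rd field of an unhashed known_hosts line).
key_hex() {
  printf '%s' "$1" | awk '{print $3}' | base64 -d | sha256sum | cut -d' ' -f1
}

# Hex form of a "SHA256:<unpadded base64>" fingerprint, the format that
# ssh-keygen -l prints. A SHA-256 digest needs exactly one '=' of padding.
pin_hex() {
  printf '%s=' "${1#SHA256:}" | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# Usage: add_pinned HOST PIN KNOWN_HOSTS < ssh-keyscan-output
# Appends matching lines (idempotently); returns 1 if no scanned key matched.
# Expects unhashed host names, i.e. ssh-keyscan run without -H.
add_pinned() {
  host=$1; want=$(pin_hex "$2"); file=$3; ok=1
  while IFS= read -r line; do
    # Ignore lines for any other host
    case $line in "$host "*) ;; *) continue ;; esac
    if [ "$(key_hex "$line")" = "$want" ]; then
      grep -qxF "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
      ok=0
    fi
  done
  return $ok
}

# In a provisioning script (placeholder pin, fill in the published value):
#   ssh-keyscan github.com 2>/dev/null |
#     add_pinned github.com 'SHA256:<published fingerprint>' ~/.ssh/known_hosts \
#     || { echo "host key does not match pin" >&2; exit 1; }
```

A key substituted in transit hashes to a different value, so nothing is written and the script stops before `git clone` runs.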

Solution 3

yes outputs y. RSA key acceptance needs yes. You could try yes yes | git clone [email protected]:repo/repoo.git so yes outputs yes instead of y.

Solution 4

Run the command below (change root with your user):

ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts

I used this script. The first `if` checks whether the file /root/.ssh/known_hosts exists; if it does not exist (else), I create it and save the key. If the file exists, it checks whether the key for github.com was added, and if not, adds it. Remember to change root to your user if you use a different one.

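# Add github.com's RSA host key to known_hosts unless an entry already exists.
if [ -f "/root/.ssh/known_hosts" ]; then
  # File exists: append the key only when no github.com entry is present
  if ! grep -q "^github.com" /root/.ssh/known_hosts; then
    ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts 2>/dev/null
  fi
else
  # File does not exist: the redirection creates it and saves the key
  ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts 2>/dev/null
fi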

Solution 5

I've run into this issue before, albeit on a Windows machine, where we needed to use ssh to connect to a remote host. We ran into the same problem: the first connection always failed because it wouldn't recognize the keys.

I solved it by connecting manually and finding the registry key and importing it at the beginning of the script. In Linux it should be the same general idea: you want to add this server to a list of trusted hosts so that ssh won't ask you if you trust it every time.

Once you connect manually, find the key file and add it to your known_hosts file. This way ssh will look over that file, assume you know what you're doing and proceed without asking you about the fingerprint.


Author: Rafael

Updated on September 18, 2022

Comments

  • Rafael
    Rafael almost 2 years

    I'm trying to do a git clone through a bash script, but the first time that I run the script and the server is not known yet the script fails. I have something like this:

    yes | git clone [email protected]:repo/repoo.git
    
    The authenticity of host 'github.com (207.97.227.239)' can't be established.
    RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
    Are you sure you want to continue connecting (yes/no)? 
    

    But it's ignoring the yes. Do you know how to force git clone to add the key to the known hosts?

    • af_khan
      af_khan almost 13 years
      What about echo yes | git clone [email protected]:repo/repoo.git?
    • Gilles 'SO- stop being evil'
      Gilles 'SO- stop being evil' almost 13 years
      @asfallows, @Rafael: echo yes is not a good approach: the second time you run the command, ssh won't ask if you want to continue because the server key will already be known.
    • Patrick Taylor
      Patrick Taylor almost 3 years
      Perhaps check whether the repo you're trying to connect to has an entry in known_hosts or not (using grep) and if not then do the echo Y step.
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' almost 13 years
    With a strong preference to retrieve and validate the fingerprint and store it in the known_hosts file before.
  • Rafael
    Rafael almost 13 years
    Thanks a lot for your answer, I ended up following the approach of adding the fingerprint in the known_hosts. It's like more secure :)
  • Rafael
    Rafael almost 13 years
    Oh I'm using puppet to do this. If someone is interested in using it here is the recipe: gist.github.com/1155725
  • Matt V.
    Matt V. over 12 years
    For some reason, that didn't work with git clone, for me.
  • udondan
    udondan over 9 years
    It didn't work for me either. Also echo "yes" | ... doesn't. I think git doesn't accept piping. Maybe only in some version?
  • Hobin C.
    Hobin C. over 3 years
    I read this post. After modifying the ~/.ssh/config file, sudo chmod 400 ~/.ssh/config is required, isn't it?
  • tcoolspy
    tcoolspy over 3 years
    @HobinC. If you create the file from scratch, yes you need to make sure the privs on it are locked down, chmod 400 is good. The ~/.ssh dir needs to be somewhat limited as well.