Answer yes in a bash script
Solution 1
Add the following to your ~/.ssh/config file:
Host github.com
    StrictHostKeyChecking no
Anything using the OpenSSH client to establish a remote shell (which the git client does) should skip the key checks to github.com.
This is actually a bad idea since any form of skipping the checks (whether you automatically hit yes or skip the check in the first place) creates room for a man-in-the-middle security compromise. A better way would be to retrieve and validate the fingerprint and store it in the known_hosts file before needing to run some script that automatically connects.
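The "retrieve and validate the fingerprint, then store it in known_hosts" approach described above, as an added shell example that is not part of the original answers. The function names, scan.txt and EXPECTED_FP are assumptions; EXPECTED_FP is a placeholder for the fingerprint the host operator publishes, obtained over a channel other than the scan itself.

```sh
#!/bin/sh
# Added example: trust a scanned host key only if it matches a pinned fingerprint.

# fingerprint_of LINE: print the SHA256 fingerprint of one ssh-keyscan line.
fingerprint_of() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    # ssh-keygen -l prints "<bits> <fingerprint> <host or comment> (<type>)"
    fp=$(ssh-keygen -l -E sha256 -f "$tmp" 2>/dev/null | awk '{print $2}')
    rm -f "$tmp"
    [ -n "$fp" ] && printf '%s\n' "$fp"
}

# pin_host_key SCAN_FILE EXPECTED_FP KNOWN_HOSTS
# Appends the scanned line whose fingerprint equals EXPECTED_FP (once).
# Returns 0 if the key is pinned, 1 if no scanned key matched.
pin_host_key() {
    scan=$1; expected=$2; known=$3
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$(fingerprint_of "$line")" = "$expected" ] || continue
        mkdir -p "$(dirname "$known")" && touch "$known" || return 1
        # Do not append a duplicate when the script runs a second time.
        grep -qxF -e "$line" "$known" || printf '%s\n' "$line" >> "$known"
        return 0
    done < "$scan"
    echo "no scanned key matches the pinned fingerprint; host not trusted" >&2
    return 1
}

# Usage (the network step stays outside the functions):
#   EXPECTED_FP='SHA256:REPLACE_WITH_PUBLISHED_FINGERPRINT'   # placeholder
#   ssh-keyscan github.com > scan.txt 2>/dev/null
#   pin_host_key scan.txt "$EXPECTED_FP" "$HOME/.ssh/known_hosts" || exit 1
#   git clone ...
```

With the key pinned this way, the clone runs without a prompt and without StrictHostKeyChecking being disabled; a scan that returns a different key leaves known_hosts untouched and the script stops.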
Solution 2
Running ssh-keyscan -H github.com >> ~/.ssh/known_hosts before cloning will add the key and prevent the prompt from appearing.
Of course this approach is also vulnerable to a MITM attack.
Solution 3
yes outputs y. RSA key acceptance needs yes. You could try yes yes | git clone [email protected]:repo/repoo.git so yes outputs yes instead of y.
Solution 4
Run the command below (replace root with your user):
ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts
I used this script:
The first if checks whether the file /root/.ssh/known_hosts exists; if it does not exist (else), I create it and save the key.
If the file exists, it checks whether the key for github.com was added; if not, it adds it.
Remember to replace root with your user if you use a different one.
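if [ -f "/root/.ssh/known_hosts" ]; then
    # File exists: add the key only if github.com has no entry yet
    if [ ! -n "$(grep "^github.com" /root/.ssh/known_hosts)" ]; then
        ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts 2>/dev/null;
    fi
else
    # File does not exist: the redirection creates it and saves the key
    ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts 2>/dev/null;
fi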
Solution 5
I've run into this issue before. Albeit it was on a Windows machine but we needed to use ssh to connect to a remote host. We ran into the same problem that the first connect always failed because it wouldn't recognize the keys.
I solved it by connecting manually and finding the registry key and importing it at the beginning of the script. In Linux it should be the same general idea: you want to add this server to a list of trusted hosts so that ssh won't ask you if you trust him every time.
Once you connect manually, find the key file and add it to your known_hosts file. This way ssh will look over that file, assume you know what you're doing and proceed without asking you about the fingerprint.
Rafael
Updated on September 18, 2022
Comments
Rafael almost 2 years
I'm trying to do a git clone through a bash script, but the first time that I run the script and the server is not known yet the script fails. I have something like this:
yes | git clone [email protected]:repo/repoo.git
The authenticity of host 'github.com (207.97.227.239)' can't be established. RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48. Are you sure you want to continue connecting (yes/no)?
But it's ignoring the yes. Do you know how to force git clone to add the key to the known hosts?

af_khan almost 13 years
What about echo yes | git clone [email protected]:repo/repoo.git ?

Gilles 'SO- stop being evil' almost 13 years
@asfallows, @Rafael: echo yes is not a good approach: the second time you run the command, ssh won't ask if you want to continue because the server key will already be known.

Patrick Taylor almost 3 years
Perhaps check whether the repo you're trying to connect to has an entry in known_hosts or not (using grep) and if not then do the echo Y step.

Gilles 'SO- stop being evil' almost 13 years
With a strong preference to retrieve and validate the fingerprint and store it in the known_hosts file before.

Rafael almost 13 years
Thanks a lot for your answer, I ended up following the approach of adding the fingerprint in the known_hosts. It's like more secure :)

Rafael almost 13 years
Oh I'm using puppet to do this. If someone is interested in using it here is the recipe: gist.github.com/1155725

Matt V. over 12 years
For some reason, that didn't work with git clone, for me.

udondan over 9 years
It didn't work for me either. Also echo "yes" | ... doesn't. I think git doesn't accept piping. Maybe only in some version?

Hobin C. over 3 years
I read this post. After modifying the ~/.ssh/config file, sudo chmod 400 ~/.ssh/config is required, isn't it?

tcoolspy over 3 years
@HobinC. If you create the file from scratch, yes you need to make sure the privs on it are locked down, chmod 400 is good. The ~/.ssh dir needs to be somewhat limited as well.