Git error: "Host Key Verification Failed" when connecting to remote repository
Solution 1
You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.
The host key for domain.example has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.example or letting an SSH utility do it for you with
ssh-keygen -R domain.example
From here, record the updated key either by doing it yourself with
ssh-keyscan -t rsa domain.example >> ~/.ssh/known_hosts
or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.example) by answering yes when prompted
The authenticity of host 'domain.example (a.b.c.d)' can't be established. RSA key fingerprint is XX:XX:...:XX. Are you sure you want to continue connecting (yes/no)?
The reason for this prompt is domain.example is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.example. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)
I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.
Solution 2
As I answered previously in Cloning git repo causes error - Host key verification failed. fatal: The remote end hung up unexpectedly, add GitHub to the list of known hosts:
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
Solution 3
I had the similar issue, but, using SSH keys. From Tupy's answer, above, I figured out that the issue is with known_hosts file not being present or github.com not being present in the list of known hosts. Here are the steps I followed to resolve it -
mkdir -p ~/.ssh-
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts -
ssh-keygen -t rsa -C "user.email" - open the public key with this command
$ cat ~/.ssh/id_rsa.puband copy it. - Add the id_rsa.pub key to SSH keys list on your GitHub profile.
Solution 4
This is happening because github is not currently in your known hosts.
You should be prompted to add github to your known hosts. If this hasn't happened, you can run ssh -T [email protected] to receive the prompt again.
Solution 5
For me, I just had to type "yes" at the prompt which asks "Are you sure you want to continue connecting (yes/no)?" rather than just pressing Enter.
Admin
Updated on July 08, 2022Comments
-
Admin 6 months
I am trying to connect to a remote Git repository that resides on my web server and clone it to my machine.
I am using the following format for my command:
git clone ssh://[email protected]/repository.gitThis has worked fine for most of my team members. Usually after running this command Git will prompt for the user's password, and then run the cloning. However, when running on one of my machines I get the following error:
Host key verification failed.
fatal: Could not read from remote repository.
We are not using SSH keys to connect to this repository, so I'm not sure why Git is checking for one on this particular machine.
-
Doomsday about 8 yearsIt worked for me because /dev/tty was created as a file, very odd! (so you have to remove it then recreate it with mknod) -
Milad about 8 years@Geoffroy , I removed /dev/tty and now when do sudo , I face this error : sudo: sorry, you must have a tty to run sudo -
Geoffroy about 8 years@xe4me I never said you should remove it, depending on the system it is actually required. Reboot should fix it. -
Milad about 8 years@Geoffroy , actually the first commentator , said I have to remove and the recreate :d Nope , rebooting didn't work , I had to tell the root , he fixed it :d
-
Zenexer over 7 yearsThis is the most secure way, short of already having the key present. That's assuming you only run it once, not every time you connect to the server. -
Fendy over 6 yearsMy company's private fit repository is using ecdsa as key, so if the solution isn't working, maybe it is because the algorithm isn't correct -
Phlarx almost 6 yearsNote: depending on your shell, you may have to escape the square brackets \[ and \] or use quotes. -
Keyur over 5 yearsThis should be the accepted answer. Thanks for saving my day.
-
Sashah about 5 yearsThis answer lead me to realize I had to manually clone my repo on my build server in order to type 'yes' and get my bitbucket server added to my known_hosts -
Code-Apprentice about 5 years@Sashah If all you need is the bitbucket server in known_hosts, you can edit the file manually. No need to clone the repo if this is the only reason to do so. -
Mnebuerquo almost 5 yearsThis is still dangerous, with our without corporate firewalls. How do you know you're talking to the real github without verifying the server key? -
sunil over 4 yearsIn corporate environments local git repos are mostly used, never opensource one. Worst case .ssh config at the top of the file can have github explicit host related config lines for ssh to choose more specific matches. -
Tad Lispy over 4 years@OJFord FYI: I have edited the original answer in a way that makes your comment obsolete. TBH and with all due respect it wasn't entirely correct in the first place. Thetouchcommand would fail in case~/.sshdirectory does not exist, so step 1 was still required. Also you don't need totouchthe file before using>>redirection. It will be created if necessary (but just the file, not entire path, so stillmkdir -pis needed). The-poption make it work in case the directory already exists. -
Matthias Hagemann over 4 yearsThis is the right answer if you never get prompted. -
Josiah Yoder over 4 yearsIndeed, my Cygwin prompt looks nearly exactly like my git bash prompt, but it only works in the git bash prompt! -
StackAttack about 4 yearsworked for me too, I was wondering why I couldn't clone my own repo -
Wai Ha Lee almost 4 yearsSomebody has flagged this post (incorrectly). From Review. -
double-beep almost 4 yearsFYI, your post has been flagged as low quality and the flag has been declined. From Review -
Rafael Araújo over 3 yearsIf you're using Windows, the easiest is to install git-for-windows(download) and open Git Bash . Inside this console you can use the ssh-keyscan command -
Phil Andrews about 3 yearsIt's the #2ssh-keyscanthat's missing from the Github docs on adding a new ssh key. -
Spencer Pollock almost 3 yearsI was having issues with myDockerfilehaving a lack of permission. Adding the 2nd step here fixed that problem! Thank you for the great work -
Andrew Rueckert almost 3 yearsFun fact, runningsudo ssh-keygen -R domain.comcan rename your existingknown_hostsfile to beknown_hosts.old, and create a copy that is only readable by root. (-rw------- root root) You can easilychownthis back to the appropriate user, but you also might waste an afternoon debugging why git is broken. :D -
JolonB over 2 yearsAre you sure you want to continue connecting (yes/no)?. Don't make the same mistake as me. You need to typeyes. Simply hitting enter doesn't select yes by default -
Cameron Hudson over 2 yearsIn my case, I simply hadn't mounted the existingknown_hostsfile into the container. In addition to mounting my SSH key into the container, I added-v ${HOME}/.ssh/known_hosts:/root/.ssh/known_hoststo mydocker runcommand. -
Sebastian Juarez over 2 yearsFor CI environments, like Jenkins, you can not asnwer yes when prompted to. So, make sure that: 1. you have the ssh keys correctly created and in the .ssh dir inside your home. 2. the target domain added to known_hosts as stated here. -
SHAKU almost 2 yearsI followed the above step and failed as I was giving github.com as the hostKey in spring config server properties files. Those who are failing to connect spring.cloud.config-server to fetch from git, see this tranhoangminh.wordpress.com/2018/09/14/…. Well explained here. -
andrew over 1 yearOne gotcha is that you might need the port number for the remote repository:ssh-keyscan -p 8888 -t rsa domain.com >> ~/.ssh/known_hosts -
jbg over 1 year@AndrewRueckert one of the many reasons why randomly addingsudoto the beginning of commands is a bad idea. -
Diaa over 1 yearYou don't know how many years of frustration your answer could save. It also fixed the authentication errors of github desktop. I need to try it with my flu as well XD -
jamie about 1 yearI also had to do this, thank you! -
JMA about 1 yearFirst day at a new job on a new MacBook, you just saved me from a build issue my senior dev had never seen before. Cheers m8 -
Navin Leon 11 monthsThis worked for me!, thank you @TRUPAL -
Kenny Evitt 11 monthsBefore adding the keys directly to aknown_hostsfile, you should probably compare the key fingerprints to fingerprints provided via another 'channel'. -
Jeremy Caney 11 monthsThere are 26 existing answers to this question, including a top-voted, accepted answer with over five hundred votes. Are you certain your solution hasn't already been given? If not, why do you believe your approach improves upon the existing proposals, which have been validated by the community? Offering an explanation is always useful on Stack Overflow, but it's especially important where the question has been resolved to the satisfaction of both the OP and the community. Help readers out by explaining what your answer does different and when it might be preferred. -
Arcsector 11 monthsThis simply changes the authentication method from SSH to HTTPS - this is not a solution if you're actually trying to use SSH keys, which the OP was not, however a bunch of other people here are, so I would say this isn't extremely valid for 90% of use cases. -
TrueWill 9 monthsPlease note thatmkdir -p ~/.sshmay be necessary first, as noted in @Saran's answer. -
Akanksha Atrey 7 monthsWow, I was stuck on this for the past hour and this solved it. Thank you! -
Someone Special 6 monthsVscode suddenly giving me the titled error for no reason. Simply using this answer works for me. -
Cameron Jewell 6 months@JolonB that was my issue, thanks a ton