44

I use my project at work, but I would like to work with it from home, as I can log into my home machine to work on my project.

However, from home, I see the following message:

```
The authenticity of host 'github.com (ip)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no)?
```

How can I get past it?

VonC
emeeery

6 Answers

40

You should simply be able to answer 'yes', which will update your ~/.ssh/known_hosts file.


A better approach, to avoid any MITM (Man-In-The-Middle) attack, would be (as commented below by Mamsds) to verify GitHub's public key first (see "GitHub's SSH key fingerprints") and, if you find a match, then you can answer 'yes'.

Example:

```
ssh-keyscan -t ecdsa github.com 2>&1 |ssh-keygen -lf -
256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM github.com (ECDSA)
```

After that, you can use a GitHub SSH URL (provided you have generated the SSH public/private keys, and registered the public one to your GitHub profile)

Note: the ssh key generation should use the base64 old PEM format (option -m PEM), rather than the new current 70 chars OpenSSH one.
See "What is the correct format for private key in Credentials":

```
ssh-keygen -m PEM -t rsa -P "" -f afile
```

That or you can switch to an HTTPS URL.

VonC
  • 4
    I think you should add a caveat about MITM attacks if you simply answer yes. A better approach should be verifying GitHub's public key first (from here: `https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints`) and if you find a match then you can answer yes. – Mamsds May 25 '21 at 13:27
  • 1
    @Mamsds Very good point, thank you. I have included your comment in the answer for more visibility. – VonC May 25 '21 at 13:41
  • Ok so... npm install is showing me an ECDSA key fingerprint in the format xx:xx:xx... but the above link gives me a different format, so I can't tell if it's a match or not! – Michael Apr 20 '22 at 19:52
  • @Michael I don't use `npm` to get a key fingerprint though. Only `ssh-keyscan -t ecdsa github.com 2>&1 |ssh-keygen -lf -`. Which does return `256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM github.com (ECDSA)`, as expected. – VonC Apr 20 '22 at 21:04
18

As you are attempting to connect to GitHub using SSH for the first time (no existing entry for GitHub in ~/.ssh/known_hosts yet), you are being asked to verify the key fingerprint of the remote host, because if an intruder host represents itself as a GitHub server, its RSA fingerprint will be different from that of a GitHub server.

You have two options.

  1. You may just accept, considering you don't care about the authenticity of the remote host (GitHub in this case), or,

  2. You may verify that you are actually getting connected to a GitHub server, by matching the RSA fingerprint you are presented with (in the prompt) against GitHub's SSH key fingerprints in base64 format.

The latter option is usually preferable.

Shakil
  • So why does the web page show them in base 64, but the key I'm being asked to compare from npm install is a sequence of hex digit pairs separated by colons? How am I supposed to know if they are equal? – Michael Apr 20 '22 at 19:54
7

Use one of the following two solutions:

1) Set up the SSH key

Follow the steps discussed on this GitHub help page.

https://help.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh

2) Clone using git with HTTPS

Type (copy/paste) the following commands in a terminal on the machine where you would like to clone the repository

```
git config --global url."https://github.com/".insteadOf git@github.com:
git config --global url."https://".insteadOf git://
```

You can revert this change using the following commands

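```
# Remove the two rewrite rules added above (adding the reverse mapping
# would leave both rules active instead of undoing the change)
git config --global --unset url."https://github.com/".insteadOf
git config --global --unset url."https://".insteadOf
```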
Farhad Maleki
7

Just add the GitHub fingerprint to known hosts this way:

```
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
```
Emmanuel Mahuni
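The answers and comments above raise two linked points: the hex-pair and base64 fingerprints are two hashes of the same key blob, and `ssh-keyscan` output should be checked against GitHub's published fingerprints before it is appended to `known_hosts`. The following is an added example, not code from any answer on this page; the function names and the trusted-fingerprint file are hypothetical, GNU coreutils are assumed, and the sample blob is constructed rather than a real host key.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (base64, sha256sum, md5sum, fold).
# An SSH fingerprint is a hash of the base64-decoded key blob, i.e. the
# third field of an ssh-keyscan line ("host keytype blob").

# Hex digest on stdin -> raw bytes on stdout, via POSIX octal escapes.
hex2bin() {
  fold -w2 | while read -r byte; do
    printf "\\$(printf '%03o' "0x$byte")"
  done
}

# Current OpenSSH form: SHA256 digest, base64 without '=' padding.
fp_sha256() {
  digest=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
  printf 'SHA256:%s\n' "$(printf '%s\n' "$digest" | hex2bin | base64 | tr -d '=')"
}

# Legacy form: MD5 digest as colon-separated hex pairs (xx:xx:...).
fp_md5() {
  printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1 |
    sed 's/../&:/g; s/:$//'
}

# Copy keyscan lines from file $1 into known_hosts file $3, but only those
# whose SHA256 fingerprint appears in file $2 (hypothetical: one fingerprint
# per line, copied from GitHub's published list over HTTPS).
# Returns 1 if any scanned key was not on the list.
pin_verified() {
  rc=0
  while read -r host type blob; do
    case $host in ''|'#'*) continue ;; esac
    fp=$(fp_sha256 "$blob")
    if grep -qxF "$fp" "$2"; then
      printf '%s %s %s\n' "$host" "$type" "$blob" >> "$3"
    else
      echo "rejected: $host $type $fp" >&2
      rc=1
    fi
  done < "$1"
  return "$rc"
}

# Constructed blob (base64 of "abc"), not a real host key: one key, two forms.
echo "sha256: $(fp_sha256 YWJj)"
echo "md5:    $(fp_md5 YWJj)"
```

With OpenSSH installed, `ssh-keygen -l -E md5 -f <file>` prints the legacy form directly (recent versions prefix it with `MD5:`), which is the quickest way to compare against a tool that shows hex pairs.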
3

Try these steps:

Open Git Bash

Check for existing SSH keys:

```
$ ls -al ~/.ssh
```

If you already have them, you will see:

  • id_rsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub

If you don't, generate one (Press Enter to accept the default file location):

```
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

To copy the key to clipboard:

```
$ clip < ~/.ssh/id_rsa.pub
```

Go to your account on GitHub/Settings/SSH and GPG keys/New SSH key

Paste your key there

Next, type:

```
$ git remote
```

If you see origin, remove it:

```
$ git remote remove origin
```

Continue with the last 2 steps provided on GitHub repo page...

```
$ git remote add origin git@github.com:USERNAME/REPONAME.git
$ git push -u origin master
```

Refresh your GitHub repo page

Voila!

Maicon Mauricio
kyramichel
  • To copy the key to clipboard - `pbcopy < ~/.ssh/id_ed25519.pub` Reference - https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account – Shubham Bisht Aug 16 '21 at 07:03
0

You just need to type yes and it will work. For more information, you can refer to the official GitHub documentation. This will give an output saying:

```
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.
```
kriptonian