You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.
The host key for domain.example has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.example or letting an SSH utility do it for you with
ssh-keygen -R domain.example
From here, record the updated key either by doing it yourself with
ssh-keyscan -t rsa domain.example >> ~/.ssh/known_hosts
or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.example) by answering yes when prompted
The authenticity of host 'domain.example (a.b.c.d)' can't be established. RSA key fingerprint is XX:XX:...:XX. Are you sure you want to continue connecting (yes/no)?
The reason for this prompt is domain.example is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.example. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)
I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.
You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.
The host key for domain.example has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.example or letting an SSH utility do it for you with
ssh-keygen -R domain.example
From here, record the updated key either by doing it yourself with
ssh-keyscan -t rsa domain.example >> ~/.ssh/known_hosts
or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.example) by answering yes when prompted
The authenticity of host 'domain.example (a.b.c.d)' can't be established. RSA key fingerprint is XX:XX:...:XX. Are you sure you want to continue connecting (yes/no)?
The reason for this prompt is domain.example is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.example. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)
I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.
As a security precaution, SSH keeps track of which hosts it has previously seen.
This error means that the server to which you’re connecting presented a key that doesn’t match the keys seen for this server in the past.
You may see this error if the server has changed its keys unexpectedly, in which case you should be able to find an official report from a trustworthy source announcing the change. If GitHub changes its SSH host key, this will be announced on the GitHub Blog at github.blog.
You can find an up-to-date list of GitHub’s public SSH keys on GitHub Docs. You may need to add these keys to your known_hosts file. For more information, see «GitHub’s SSH key fingerprints.»
If you are encountering the error but can’t find an official source for the server’s keys, it is safest not to connect, because you may be connecting to a server other than your intended server. You may want to contact your IT department or the server’s support team for help. If the server is being impersonated, the owner of the server will appreciate you informing them.
When cloning (or doing other operations) through a remote server (for example, Github, Bitbucket, or Gitlab), a developer can get the «host key verification failed git» error. But what is this error, and how do you fix it?
The «host key verification failed git» error happens when a remote server’s host key does not match the locally stored key.
This article explains this error and proposes a solution for fixing it.
Let’s get to it 😎.
Why does this error happen?
The «host key verification failed git» error happens when a remote server’s host key doesn’t match the key stored inside your known hosts.
But what is this remote server’s host key?
A remote server’s host key verifies the remote server’s identity and prevents man-in-the-middle attacks.
When you connect to a remote server for the first time (using SSH), its host key is stored inside a file called known_hosts inside the .ssh folder.
Each time you connect to the remote server, the key is verified.
If a remote server’s host key changes (for example, if the server’s IP changes), you will get an error.
How to fix this error?
To fix the «host key verification failed git» error you need to remove the incorrect key from your known_hosts and replace it with a valid one.
Here are the steps you need to follow:
1. Remove the old host key by running this command:
bashssh-keygen -R <hostname>
P.S. Replace <hostname> with a hostname (for example, github.com) or a remote server’s IP address.
2. Add the new host key to your known host’s list using this command:
bashssh-keyscan -t rsa <hostname> >> ~/.ssh/known_hosts
Alternatively, you can let SSH do it for you next time you connect using git push, git fetch, or via SSH.
You will get a warning message like so when trying to connect:
bashThe authenticity of host '<hostname> (<IP address>)' can't be established.
RSA key fingerprint is <fingerprint>.
Are you sure you want to continue connecting (yes/no)?
Type yes, and you are good to go!
Final thoughts
As you can see, fixing the «host key verification failed git» error is easy.
Although annoying, this security feature protects our data and information.
Let’s be grateful that this feature exists!
Here are some other Git tutorials for you to enjoy:
- How to fix «fatal: not a git repository» in Git?
- How to fix a stuck push in Git?
- How to fix git add not working?
written by:
Hello! I am Tim Mouskhelichvili, a Freelance Developer & Consultant from Montreal, Canada.
I specialize in React, Node.js & TypeScript application development.
If you need help on a project, please reach out, and let’s work together.
Loading