By bootsz


2012-11-13 15:26:36 8 Comments

I am trying to connect to a remote Git repository that resides on my web server and clone it to my machine.

I am using the following format for my command:

git clone ssh://[email protected]/repository.git

This has worked fine for most of my team members. Usually after running this command Git will prompt for the user's password, and then run the cloning. However, when running on one of my machines I get the following error:

Host key verification failed.

fatal: Could not read from remote repository.

We are not using SSH keys to connect to this repository, so I'm not sure why Git is checking for one on this particular machine.

19 comments

@TheHowlingHoaschd 2020-10-13 08:28:35

Reason seems to be that the public key of the remote host is not stored or different from the stored one. (Be aware of security issues, see Greg Bacon's answer for details.)

I was used to git clone prompting me in this case:

The authenticity of host 'host.net (10.0.0.42)' can't be established.
ECDSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)?

Not sure, why this error is thrown instead. Could be the configuration of your shell or the git SSH command.
Anyhow, you can get the same prompt by running ssh [email protected].

@Lamri Djamal 2020-08-09 23:27:27

You kan use https instead of ssh for git clone or git pull or git push

ex:

git clone https://github.com/user/repo.git

@RP- 2020-07-19 18:57:40

The solutions mentioned here are great, the only missing point is, what if your public and private key file names are different than the default ones?

Create a file called "config" under ~/.ssh and add the following contents

Host github.com
    IdentityFile ~/.ssh/github_id_rsa

Replace github_id_rsa with your private key file.

@Sandy 2019-07-18 11:31:57

When the remote server wants to connect to the private repo, it would authenticate via ssh. Create the private-public key pair with ssh-keygen or if you already have the public-private key. copy&paste the public key in the Settings of the private repo.

YourPrivateRepo -> Settings -> Deploy Keys -> Add deploy key -> Paste the public key.

Now the remote server would be able to connect to the private repo.

NOTE: The deploy keys has access only for reading the repo. Need to explicitly allow write access.

@Saran 2015-04-28 00:16:21

I had the similar issue, but, using SSH keys. From Tupy's answer, above, I figured out that the issue is with known_hosts file not being present or github.com not being present in the list of known hosts. Here are the steps I followed to resolve it -

  1. mkdir -p ~/.ssh
  2. ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
  3. ssh-keygen -t rsa -C "user.email"
  4. open the public key with this command $ cat ~/.ssh/id_rsa.pub and copy it.
  5. Add the id_rsa.pub key to SSH keys list on your GitHub profile.

@Tad Lispy 2018-06-10 17:14:18

@OJFord FYI: I have edited the original answer in a way that makes your comment obsolete. TBH and with all due respect it wasn't entirely correct in the first place. The touch command would fail in case ~/.ssh directory does not exist, so step 1 was still required. Also you don't need to touch the file before using >> redirection. It will be created if necessary (but just the file, not entire path, so still mkdir -p is needed). The -p option make it work in case the directory already exists.

@Phil Andrews 2019-10-14 15:03:08

It's the #2 ssh-keyscan that's missing from the Github docs on adding a new ssh key.

@Spencer Pollock 2020-02-16 09:56:38

I was having issues with my Dockerfile having a lack of permission. Adding the 2nd step here fixed that problem! Thank you for the great work

@Greg Bacon 2012-11-13 15:59:18

You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.

The host key for domain.com has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.com or letting an SSH utility do it for you with

ssh-keygen -R domain.com

From here, record the updated key either by doing it yourself with

ssh-keyscan -t rsa domain.com >> ~/.ssh/known_hosts

or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.com) by answering yes when prompted

The authenticity of host 'domain.com (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?

The reason for this prompt is domain.com is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.com. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)

I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.

@Andrew Rueckert 2020-02-28 23:39:01

Fun fact, running sudo ssh-keygen -R domain.com can rename your existing known_hosts file to be known_hosts.old, and create a copy that is only readable by root. (-rw------- root root) You can easily chown this back to the appropriate user, but you also might waste an afternoon debugging why git is broken. :D

@JolonB 2020-05-24 22:20:26

Are you sure you want to continue connecting (yes/no)?. Don't make the same mistake as me. You need to type yes. Simply hitting enter doesn't select yes by default

@Cameron Hudson 2020-08-19 17:40:42

In my case, I simply hadn't mounted the existing known_hosts file into the container. In addition to mounting my SSH key into the container, I added -v ${HOME}/.ssh/known_hosts:/root/.ssh/known_hosts to my docker run command.

@Sebastian Juarez 2020-08-25 19:47:46

For CI environments, like Jenkins, you can not asnwer yes when prompted to. So, make sure that: 1. you have the ssh keys correctly created and in the .ssh dir inside your home. 2. the target domain added to known_hosts as stated here.

@shutsuke 2019-04-22 07:10:50

When asked:

Are you sure you want to continue connecting (yes/no)?

Type yes as the response

That is how I solved my issue. But if you try to just hit the enter button, it won't work!

@Adiii 2018-07-30 13:16:29

I was facing the same error inside DockerFile during build time while the image was public. I did little modification in Dockerfile.

 RUN git clone  https://github.com/kacole2/express-node-mongo-skeleton.git /www/nodejs

This would be because using the [email protected]:... syntax ends up > using SSH to clone, and inside the container, your private key is not > available. You'll want to use RUN git clone > https://github.com/edenhill/librdkafka.git instead.

@Powderham 2017-11-01 09:46:47

This is happening because github is not currently in your known hosts.

You should be prompted to add github to your known hosts. If this hasn't happened, you can run ssh -T [email protected] to receive the prompt again.

@Matthias Hagemann 2018-07-07 08:23:32

This is the right answer if you never get prompted.

@fyodrs 2018-04-27 01:00:47

I got this message when I tried to git clone a repo that was not mine. The fix was to fork and then clone.

@Julian Knight 2018-04-05 16:51:53

If you are using git for Windows.

  • Open the git GUI.
  • Open the local git repository in git GUI.
  • Add the remote or push if the remote already exists.
  • Answer "yes" to the question about whether you want to continue.

The GUI client adds the key for you to ~/.ssh/known_hosts. This is easier to remember if you don't do it often and also avoids the need to use the git command line (the standard Windows command lines don't have the ssh-keyscan executable.

@ghiscoding 2018-01-21 21:18:10

What worked for me was to first add my SSH key of the new computer, I followed these instructions from GitLab - add SSH key. Note that since I'm on Win10, I had to do all these commands in Git Bash on Windows (it didn't work in regular DOS cmd Shell).

Then again in Git Bash, I had to do a git clone of the repo that I had problems with, and in my case I had to clone it to a different name since I already had it locally and didn't want to lose my commits. For example

git clone ssh://[email protected]/myRepo.git myRepo2

Then I got the prompt to add it to known hosts list, the question might be this one:

Are you sure you want to continue connecting (yes/no)?

I typed "yes" and it finally worked, you should typically get a message similar to this:

Warning: Permanently added '[your repo link]' (ECDSA) to the list of known hosts.

Note: if you are on Windows, make sure that you use Git Bash for all the commands, this did not work in regular cmd shell or powershell, I really had to do this in Git Bash.

Lastly I deleted the second clone repo (myRepo2 in the example) and went back to my first repo and I could finally do all the Git stuff like normal in my favorite editor VSCode.

@Josiah Yoder 2018-08-02 18:00:27

Indeed, my Cygwin prompt looks nearly exactly like my git bash prompt, but it only works in the git bash prompt!

@Code-Apprentice 2017-08-02 22:51:53

For me, I just had to type "yes" at the prompt which asks "Are you sure you want to continue connecting (yes/no)?" rather than just pressing Enter.

@Sashah 2017-11-20 20:34:15

This answer lead me to realize I had to manually clone my repo on my build server in order to type 'yes' and get my bitbucket server added to my known_hosts

@Code-Apprentice 2017-12-13 16:03:37

@Sashah If all you need is the bitbucket server in known_hosts, you can edit the file manually. No need to clone the repo if this is the only reason to do so.

@sunil 2017-03-04 01:40:29

If you are in office intranet (otherwise dangerous) which is always protected by firewalls simply have the following lines in your ~/.ssh/config

Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

@Mnebuerquo 2018-03-17 20:42:36

This is still dangerous, with our without corporate firewalls. How do you know you're talking to the real github without verifying the server key?

@sunil 2018-05-21 13:36:15

In corporate environments local git repos are mostly used, never opensource one. Worst case .ssh config at the top of the file can have github explicit host related config lines for ssh to choose more specific matches.

@Jay Patel 2016-08-14 05:02:16

Its means your remote host key was changed (May be host password change),

Your terminal suggested to execute this command as root user

$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]

You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.

$ sudo su                                                        // Login as a root user

$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]    // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

$ exit                                                           // Exist from root user

Try Again, Hope this works.

@Phlarx 2017-01-16 19:38:07

Note: depending on your shell, you may have to escape the square brackets \[ and \] or use quotes.

@Nitin 2016-05-11 09:58:12

You can use your "git url" in 'https" URL format in the Jenkinsfile or wherever you want.

git url: 'https://github.com/jglick/simple-maven-project-with-tests.git'

@Jerome Vacher 2016-01-22 18:28:42

I had the similar issue, unfortunately I used the GitExtensions HMI and forgot that I wrote a passphrase. With HMI.... forget it ! Do not enter passphrase when you generate your key !

@Tupy 2015-04-01 00:17:14

As I answered previously in Cloning git repo causes error - Host key verification failed. fatal: The remote end hung up unexpectedly, add the GitHub to the list of authorized hosts:

ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts

@Zenexer 2015-08-13 13:49:28

This is the most secure way, short of already having the key present. That's assuming you only run it once, not every time you connect to the server.

@Fendy 2016-04-12 03:07:27

My company's private fit repository is using ecdsa as key, so if the solution isn't working, maybe it is because the algorithm isn't correct

@Keyur 2017-08-09 13:11:06

This should be the accepted answer. Thanks for saving my day.

@StackAttack 2018-11-16 16:34:33

worked for me too, I was wondering why I couldn't clone my own repo

@Wai Ha Lee 2019-02-22 12:04:21

Somebody has flagged this post (incorrectly). From Review.

@double-beep 2019-02-22 12:12:19

FYI, your post has been flagged as low quality and the flag has been declined. From Review

@Rafael Araújo 2019-03-25 14:51:43

If you're using Windows, the easiest is to install git-for-windows(download) and open Git Bash . Inside this console you can use the ssh-keyscan command

@Codetard 2020-05-21 10:25:57

Wow! Worked for me!

@Geoffroy 2013-08-06 12:04:09

I got the same problem on a newly installed system, but this was a udev problem. There was no /dev/tty node, so I had to do:

mknod -m 666 /dev/tty c 5 0

@Doomsday 2014-11-02 14:31:38

It worked for me because /dev/tty was created as a file, very odd! (so you have to remove it then recreate it with mknod)

@Milad 2014-12-17 12:29:57

@Geoffroy , I removed /dev/tty and now when do sudo , I face this error : sudo: sorry, you must have a tty to run sudo

@Geoffroy 2014-12-17 17:33:22

@xe4me I never said you should remove it, depending on the system it is actually required. Reboot should fix it.

@Milad 2014-12-18 09:58:32

@Geoffroy , actually the first commentator , said I have to remove and the recreate :d Nope , rebooting didn't work , I had to tell the root , he fixed it :d

Related Questions

Sponsored Content

15 Answered Questions

36 Answered Questions

[SOLVED] The remote end hung up unexpectedly while git cloning

  • 2011-07-27 10:12:13
  • Joe
  • 366358 View
  • 295 Score
  • 36 Answer
  • Tags:   git

25 Answered Questions

[SOLVED] How to change the URI (URL) for a remote Git repository?

  • 2010-03-12 12:48:47
  • e-satis
  • 1762698 View
  • 4110 Score
  • 25 Answer
  • Tags:   git url git-remote

30 Answered Questions

[SOLVED] SSH Key - Still asking for password and passphrase

43 Answered Questions

[SOLVED] How to solve Permission denied (publickey) error when using Git?

29 Answered Questions

[SOLVED] How to specify the private SSH-key to use when executing shell command on Git?

  • 2010-12-30 19:42:01
  • Christoffer
  • 1161744 View
  • 1211 Score
  • 29 Answer
  • Tags:   git bash shell ssh

16 Answered Questions

[SOLVED] Getting ssh to execute a command in the background on target machine

  • 2008-08-26 22:55:58
  • dagorym
  • 301892 View
  • 313 Score
  • 16 Answer
  • Tags:   bash ssh csh

29 Answered Questions

[SOLVED] could not resolve host github.com error while cloning remote repository in git

  • 2013-12-04 08:17:35
  • HyperioN
  • 274299 View
  • 150 Score
  • 29 Answer
  • Tags:   git github

9 Answered Questions

[SOLVED] How do you push a tag to a remote repository using Git?

7 Answered Questions

[SOLVED] How to change the remote repository for a git submodule?

  • 2009-05-27 02:35:49
  • Andrew Grimm
  • 275879 View
  • 762 Score
  • 7 Answer
  • Tags:   git git-submodules

Sponsored Content