GitHub recently encountered an error and had to update its RSA secure shell (SSH) host key for security reasons. When users try to connect to their repositories, they will now see the message “Warning: Remote host identification has changed!”
What Is the Git “Remote Host Identification Has Changed” Error?
The GitHub “Remote host identification has changed” error was caused by GitHub changing its RSA SSH host key after its previous one had been made public. To fix the problem, you need to update your SSH known_hosts file.
In this article, you will find out what happened to GitHub and how to fix the error message.
What Caused the Git “Remote Host Identification Has Changed” Error
As explained in GitHub’s official statement, GitHub recently replaced its RSA SSH host key:
“At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for github.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH.”
The RSA SSH private key for github.com had accidentally been made public in a GitHub repository. Since this opened up potential security issues, GitHub replaced the compromised SSH key with a newly generated one.
For this reason, when you now try to connect to github.com you will get the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
Regardless of the scary error message, what happened to GitHub does not pose any security risks to you. The update of the SSH key was done as a routine measure to ensure the security and integrity of SSH connections to github.com. That is a common practice when a private SSH key gets compromised.
Now that you understand the reason behind the “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!” error, it’s time to learn how to address it.
How To Fix the Git “Remote Host Identification Has Changed!” Error
To fix the problem, you need to update your SSH known_hosts file. This stores the RSA key fingerprints of every remote server you have connected to. When an RSA key changes, its fingerprint changes as well. So, you’ll need to update the known_hosts file to reflect the new fingerprint.
You’ll need to remove the old RSA key fingerprint for the hostname github.com from the SSH known hosts. To do so, open the terminal and launch:
ssh-keygen -R github.comThe next time you connect to GitHub, SSH will ask to recognize the new RSA key fingerprint:
The authenticity of host 'github.com (20.201.28.151)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type “yes,” if you see one of the following public key fingerprints:
- RSA:
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s - DSA — Deprecated:
SHA256:br9IjFspm1vxR3iA35FWE+4VTyz1hYVLIE2t1/CeyWQ - ECDSA:
SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM - Ed25519:
SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
Et voilà! The “Remote host identification has changed!” message is now gone.
In this article, we understood that the recent update of GitHub’s RSA SSH host key was a security measure aimed at ensuring the integrity of SSH connections to github.com. If you encounter the message “Warning: Remote host identification has changed!” when connecting to GitHub via SSH, there’s no need to worry. There is no security problem, and you can easily fix the error by updating the SSH known_hosts file as explained here.
