Mailing List Archive

github changed ssh key?
I just tried to do a 'git fetch' and am seeing:

```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /home/davem/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/davem/.ssh/known_hosts:59
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

I can obviously "fix" this by deleting the line from known_hosts, but
have github actually changed their key, or am I seeing a genuine
man-in-middle attack, or what?


.git/config:

```
...
[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = git@github.com:Perl/perl5.git
```

~/.ssh/known_hosts:59:

```
github.com,140.82.118.4 ssh-rsa AAAAB3Nz ...
```



--
"Procrastination grows to fill the available time"
-- Mitchell's corollary to Parkinson's Law
Re: github changed ssh key?
On 24/03/2023 13:21, Dave Mitchell wrote:
> I can obviously "fix" this by deleting the line from known_hosts, but
> have github actually changed their key, or am I seeing a genuine
> man-in-middle attack, or what?

Yes, key has been changed:

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
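
Added example, not written by anyone in this thread: instead of deleting the offending line blindly, recompute the SHA256 fingerprint of each `known_hosts` entry and compare it with a pinned value taken from a trusted channel (here the fingerprint shown in the warning, which should first be checked against the blog post linked above). The function names and the sample file are assumptions made for illustration; the sample key blobs are constructed, not real host keys.

```python
import base64
import hashlib
import hmac
import struct

# Fingerprint quoted in the warning on this page; confirm it against GitHub's post first.
PINNED = "SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit(known_hosts_text, host, keytype, pinned):
    """Return (line_number, fingerprint, matches_pinned) per entry for host/keytype."""
    results = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority/@revoked marker line
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue  # malformed, or hashed hostname (not resolved here)
        hosts, ktype, blob = fields[:3]
        if host in hosts.split(",") and ktype == keytype:
            fp = fingerprint(blob)
            results.append((lineno, fp, hmac.compare_digest(fp, pinned)))
    return results


def fake_blob(seed):
    """Constructed ssh-rsa-shaped blob for the demo; not a real host key."""
    def part(b):
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(part(b"ssh-rsa") + part(b"\x01\x00\x01") + part(seed)).decode()


# Constructed sample file, laid out like the entry quoted in the thread.
SAMPLE = "\n".join([
    "# constructed sample, not real keys",
    "example.org ssh-rsa " + fake_blob(b"\x00" + b"A" * 32),
    "github.com,140.82.118.4 ssh-rsa " + fake_blob(b"\x00" + b"B" * 32),
    "github.com ssh-ed25519 " + fake_blob(b"\x00" + b"C" * 32),
])

if __name__ == "__main__":
    for lineno, fp, ok in audit(SAMPLE, "github.com", "ssh-rsa", PINNED):
        print(f"line {lineno}: {fp} {'matches pinned' if ok else 'STALE or unexpected'}")
```

An entry reported as not matching is the one to replace, and only with a key whose fingerprint equals the published value.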
Re: github changed ssh key?
github updated their keys:

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

On 3/24/23 09:21, Dave Mitchell wrote:
> I just tried to do a 'git fetch' and am seeing:
>
> ```
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
> Please contact your system administrator.
> Add correct host key in /home/davem/.ssh/known_hosts to get rid of this message.
> Offending RSA key in /home/davem/.ssh/known_hosts:59
> Host key for github.com has changed and you have requested strict checking.
> Host key verification failed.
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
> ```
>
> I can obviously "fix" this by deleting the line from known_hosts, but
> have github actually changed their key, or am I seeing a genuine
> man-in-middle attack, or what?
>
>
> .git/config:
>
> ```
> ...
> [remote "origin"]
> 	fetch = +refs/heads/*:refs/remotes/origin/*
> 	url = git@github.com:Perl/perl5.git
> ```
>
> ~/.ssh/known_hosts:59:
>
> ```
> github.com,140.82.118.4 ssh-rsa AAAAB3Nz ...
> ```
>
>
>