The ‘Host Key Verification Failed’ error in Git usually occurs when you’re accessing a remote Git repository over SSH. This issue indicates that the host key of the remote server is not known to your local machine or has been changed since its last entry in the known host’s file. Git, and SSH more broadly, uses this host key verification to maintain the integrity and security of the established connection.

There are several reasons why this error could pop up:

A mismatch in the server’s SSH key because the server was replaced or reconfigured.

The first time connection to the remote host and its key is not added to the known_hosts file.
Possibly malicious activity such as a Man-in-the-Middle attack.

Solution 1: Verify and Add Host Key

Before you proceed, make sure the new host key is legitimate and the server identity is confirmed to prevent security risks.

Manually verify the remote host key and add it to the .ssh/known_hosts file. Verify the key by contacting the system administrator of the remote server to ensure it’s safe to connect.

Retrieve the new host key by using the ssh-keyscan utility.
Compare the received key with the one provided by the system administrator.

If the keys match, append the key to the known_hosts file.
Try connecting to the Git repository again.

Example:


# 1. Retrieve new host key using ssh-keyscan
ssh-keyscan -H hostname.com >> ~/.ssh/known_hosts

# You should then verify this key manually and potentially run
# 2. Verify key (manual comparison)

# 3. Append key to known_hosts
# If verified, the above command has already appended it 

# 4. Retry connection
git clone ssh://hostname.com/path/to/repo.git

Notes: Always ensure you’re obtaining the key from a trusted source before adding it to the known_hosts file. Never blindly accept new SSH keys without verification, as it could be a security risk.

Solution 2: Remove Stale Host Key

If the host key has indeed changed legitimately, you must remove the old key from the known_hosts file.

Open the known_hosts file and find the entry for the remote host that has changed.

Delete the old host key entry for the hostname.
Use ssh-keyscan to retrieve the new host key and add it to known_hosts as in Solution 1, verifying its authenticity first.
Attempt your Git operation again.

Example:


# 1. Find the old key. The following command will indicate the line number.
ssh-keygen -F hostname.com

# 2. Remove the old key
ssh-keygen -R hostname.com

# 3. Retrieve and append new host key after verification
ssh-keyscan -H hostname.com >> ~/.ssh/known_hosts

# 4. Retry connecting
git clone ssh://hostname.com/path/to/repo.git

Notes: Removing the old key eliminates the conflict but does not address potential underlying issues like unauthorized changes to the server.

Solution 3: SSH Configuration Adjustment

Changing the SSH configuration to not verify the host key. While not recommended due to security concerns, this can serve as a temporary workaround.

Edit your SSH configuration file, usually found at ~/.ssh/config.
Add ‘StrictHostKeyChecking no’ to disable strict key checking for the specific host.
Save changes and try to perform the Git operation again.

Example:


# 1. Edit your SSH configuration
nano ~/.ssh/config

# In the file, add:
Host hostname.com
  StrictHostKeyChecking no

# 3. Attempt the Git operation
git clone ssh://hostname.com/path/to/repo.git

Notes: While this approach may allow you to bypass the error, it significantly reduces the security of your connection. Strict host key checking is an important protective measure against man-in-the-middle attacks.

Next Article: Git: Adding all files in the current directory to the staging area

Previous Article: How to undo a Git revert (reset to pre-revert state)

Series: Git & GitHub Tutorials

DevOps