Sling Academy
Home/DevOps/Fixing Git Error: Host Key Verification Failed (3 Solutions)

Fixing Git Error: Host Key Verification Failed (3 Solutions)

Last updated: January 27, 2024

Table of Contents

  1. Understanding the Error
  2. Solution 1: Verify and Add Host Key
  3. Solution 2: Remove Stale Host Key
  4. Solution 3: SSH Configuration Adjustment

Understanding the Error

The ‘Host Key Verification Failed’ error in Git usually occurs when you’re accessing a remote Git repository over SSH. This issue indicates that the host key of the remote server is not known to your local machine or has been changed since its last entry in the known host’s file. Git, and SSH more broadly, uses this host key verification to maintain the integrity and security of the established connection.

There are several reasons why this error could pop up:

  • A mismatch in the server’s SSH key because the server was replaced or reconfigured.
  • The first time connection to the remote host and its key is not added to the known_hosts file.
  • Possibly malicious activity such as a Man-in-the-Middle attack.

Solution 1: Verify and Add Host Key

Before you proceed, make sure the new host key is legitimate and the server identity is confirmed to prevent security risks.

Manually verify the remote host key and add it to the .ssh/known_hosts file. Verify the key by contacting the system administrator of the remote server to ensure it’s safe to connect.

  1. Retrieve the new host key by using the ssh-keyscan utility.
  2. Compare the received key with the one provided by the system administrator.
  3. If the keys match, append the key to the known_hosts file.
  4. Try connecting to the Git repository again.

Example:


# 1. Retrieve new host key using ssh-keyscan
ssh-keyscan -H hostname.com >> ~/.ssh/known_hosts

# You should then verify this key manually and potentially run
# 2. Verify key (manual comparison)

# 3. Append key to known_hosts
# If verified, the above command has already appended it 

# 4. Retry connection
git clone ssh://hostname.com/path/to/repo.git

Notes: Always ensure you’re obtaining the key from a trusted source before adding it to the known_hosts file. Never blindly accept new SSH keys without verification, as it could be a security risk.

Solution 2: Remove Stale Host Key

If the host key has indeed changed legitimately, you must remove the old key from the known_hosts file.

  1. Open the known_hosts file and find the entry for the remote host that has changed.
  2. Delete the old host key entry for the hostname.
  3. Use ssh-keyscan to retrieve the new host key and add it to known_hosts as in Solution 1, verifying its authenticity first.
  4. Attempt your Git operation again.

Example:


# 1. Find the old key. The following command will indicate the line number.
ssh-keygen -F hostname.com

# 2. Remove the old key
ssh-keygen -R hostname.com

# 3. Retrieve and append new host key after verification
ssh-keyscan -H hostname.com >> ~/.ssh/known_hosts

# 4. Retry connecting
git clone ssh://hostname.com/path/to/repo.git

Notes: Removing the old key eliminates the conflict but does not address potential underlying issues like unauthorized changes to the server.

Solution 3: SSH Configuration Adjustment

Changing the SSH configuration to not verify the host key. While not recommended due to security concerns, this can serve as a temporary workaround.

  1. Edit your SSH configuration file, usually found at ~/.ssh/config.
  2. Add ‘StrictHostKeyChecking no’ to disable strict key checking for the specific host.
  3. Save changes and try to perform the Git operation again.

Example:


# 1. Edit your SSH configuration
nano ~/.ssh/config

# In the file, add:
Host hostname.com
  StrictHostKeyChecking no

# 3. Attempt the Git operation
git clone ssh://hostname.com/path/to/repo.git

Notes: While this approach may allow you to bypass the error, it significantly reduces the security of your connection. Strict host key checking is an important protective measure against man-in-the-middle attacks.

Next Article: How to filter commits by author in Git log

Previous Article: How to remove a file from Git repo but keep it locally

Series: Git & GitHub Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide