[英]Not able to "git pull" - Host key verification failed
I've got root access to our production server and I want to deploy the latest version in git to the server but I'm running into the error below when I "git pull" on the folder I want to update.我有对我们的生产服务器的 root 访问权限,我想将 git 中的最新版本部署到服务器,但是当我在要更新的文件夹上“git pull”时遇到以下错误。
I've browsed around a bit, but can't find a clear answer on what to do..我浏览了一下,但找不到关于该做什么的明确答案。
The staging server runs on the same machine, but just in a different folder and when I pull
on that folder it all goes fine.登台服务器在同一台机器上运行,但只是在不同的文件夹中,当我pull
该文件夹时一切正常。
I'm not very experienced when it comes to Linux, so please help me out with a clear answer on how to fix:-)我对 Linux 不是很有经验,所以请帮我明确回答如何修复:-)
Otherwise I have access to anything I need否则我可以访问我需要的任何东西
ps This has worked in the past, so I'm assuming it's got something to do with the SSH key ps 这在过去有效,所以我假设它与 SSH 密钥有关
Error:错误:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for www.site.org has changed,
and the key for the corresponding IP address x.x.x.x
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
*************
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R gitlab.site.org
ECDSA host key for gitlab.site.org has changed and you have requested strict checking.
Host key verification failed.
In the log you see the following text:在日志中,您会看到以下文本:
(...) Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:1 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R gitlab.site.org ECDSA host key for gitlab.site.org has changed and you have requested strict checking. Host key verification failed.
So it is a matter of performing the command that is suggested there:所以这是执行那里建议的命令的问题:
ssh-keygen -f "/root/.ssh/known_hosts" -R gitlab.site.org
Windows:视窗:
/Users/Abhilash/.ssh/known_hosts
and delete the contents in it and save.转到/Users/Abhilash/.ssh/known_hosts
并删除其中的内容并保存。Linux / Mac: Linux/Mac:
~/.ssh/
转到~/.ssh/
ctrl+O
删除里面的内容并保存ctrl+O
Note: You will be promted to save the key while pushing again.注意:再次按下时,系统会提示您保存密钥。
I have also faced the same issue after following these steps it worked for me.按照这些对我有用的步骤后,我也遇到了同样的问题。
For macOS:对于 macOS:
Step 1: Go to Folder or use command+shift+g
Step 2: type "~/.ssh/"
Step 3: Open "known_hosts" file and Remove all the content
Step 4: Now Open terminal and pull from another branch, It will ask for password give your system password.
It will work surely.它肯定会起作用。
All of the other answers introduce security risks.所有其他答案都会带来安全风险。
This error appears because you have a record in your known_hosts
file which says that the server should have a particular ssh key.出现此错误是因为您的known_hosts
文件中有一条记录,表明服务器应该具有特定的 ssh 密钥。 But when you try to connect, the server has sent a different ssh key which does not match the one in your known_hosts
file.但是当您尝试连接时,服务器发送了一个不同的 ssh 密钥,该密钥与您的known_hosts
文件中的密钥不匹配。 Your particular error message says:您的特定错误消息说:
Offending ECDSA key in /root/.ssh/known_hosts:1
This means that the first line in the known_hosts
file is different to what the remote server is sending.这意味着known_hosts
文件中的第一行与远程服务器发送的不同。
The secure way to fix the issue is as follows:解决此问题的安全方法如下:
known_hosts
file is correct.检查known_hosts
文件中的现有指纹是否正确。ssh-keygen -lf ~/.ssh/known_hosts
(or /root/.ssh/known_hosts
in your case) to generate SHA256 fingerprints from your known_hosts
file.您可以运行ssh-keygen -lf ~/.ssh/known_hosts
(或/root/.ssh/known_hosts
在您的情况下)从您的known_hosts
文件生成 SHA256 指纹。 Your error message says that the problem is with the first key.您的错误消息说问题出在第一个键上。 Find the equivalent SHA256 fingerprint on GitHub or GitLab and check if it matches exactly.在 GitHub 或 GitLab 上找到等效的 SHA256 指纹并检查它是否完全匹配。 256 SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw gitlab.com (ECDSA)
and here is the ECDSA SHA256 fingerprint from the GitLab website:这是来自GitLab网站的 ECDSA SHA256 指纹: HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw
known_hosts
matches the official fingerprint from the GitHub or GitLab website, then ssh
has detected a Man in the Middle (MitM) attack.如果来自known_hosts
的现有指纹与来自GitHub或GitLab网站的官方指纹匹配,则ssh
已检测到中间人 (MitM) 攻击。 STOP .停止。 Do not connect to the server.不要连接到服务器。 Try connecting from a different internet connection.尝试从不同的 Internet 连接进行连接。 Talk to your administrator.与您的管理员交谈。known_hosts
does not match the official fingerprint, then either you were under a MitM attack previously, or the server hosting GitLab has changed its ssh keys.如果known_hosts
中的现有指纹与官方指纹不匹配,那么要么您之前受到了中间人攻击,要么托管 GitLab 的服务器已更改其 ssh 密钥。 You can delete the fingerprint from your known_hosts
file.您可以从known_hosts
文件中删除指纹。 ( Note : Only delete the specific fingerprint which is causing trouble.) Next time you connect to GitLab, you will be prompted to add the new fingerprint to the known_hosts
file. (注意:只删除导致问题的特定指纹。)下次连接到 GitLab 时,系统会提示您将新指纹添加到known_hosts
文件中。 The authenticity of host 'gitlab.com (172.65.251.78)' can't be established. ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw. Are you sure you want to continue connecting (yes/no/[fingerprint])?
Double-check that the fingerprint matches what is shown on the GitHub or GitLab website, then type yes
or no
accordingly.仔细检查指纹是否与GitHub或GitLab网站上显示的内容匹配,然后相应地输入yes
或no
。Try replacing ssh with:尝试将 ssh 替换为:
ssh -oStrictHostKeyChecking=no
since if the key hasn't been accepted yet, then it will ask do you want to accept it yes/no.因为如果密钥尚未被接受,那么它会询问您是否要接受它是/否。 Alternatively, you can also do this in your CI file just before the SSH command:或者,您也可以在 SSH 命令之前在 CI 文件中执行此操作:
echo "StrictHostKeyChecking no" >> ~/.ssh/config
courtesy: https://forum.gitlab.com/t/error-host-key-verification-failed/77315/3礼貌: https://forum.gitlab.com/t/error-host-key-verification-failed/77315/3
if you'd like to remove this message permanently you can edit your ssh config file ( ~/.ssh/config
) to include:如果您想永久删除此消息,您可以编辑您的 ssh 配置文件 ( ~/.ssh/config
) 以包括:
Host {YOUR HOST HERE}
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.