Score:1

Repetitive warnings about Github's ECDSA host key differing from the key for IP address

cn flag

I keep getting this message when using Git with Github:

Warning: the ECDSA host key for 'github.com' differs from the key for the IP address '20.248.137.48' Offending key for IP in /home/steve/.ssh/known_hosts:133 Matching host key in /home/steve/.ssh/known_hosts:140 Are you sure you want to continue connecting (yes/no)?

I'm aware that Github's SSH host key changed and have updated my ~/.ssh/known_hosts to include the new key, and triple checked that there are no other entries for it in that file.

When I update it, the message goes away for a bit (a few hours maybe) then inevitably returns.

It's particularly painful because if I attempt to interact with Github from within VS Code (for instance, pushing a branch), the window hangs, presumably waiting for me to type 'yes' into an invisible terminal.

I'm running Ubuntu 20.04.3 on WSL 2 on Windows 10.

muru avatar
us flag
The *RSA* host key changed. The ECDSA and Ed25519 didn't change. This is weird.
Score:0
ru flag

When GitHub cycles their keys, it can end up on any number of potential IP addresses. This is because GitHub uses a whole host and array of servers for their stuff. There's no way to properly filter all of those, so you might want to consider something like this added to your ~/.ssh/config file:

Host github.com:
    StrictHostKeyChecking no

This is untested but theoretically should disable host key checks when using GitHub.

cn flag
This doesn't seem right though. It can't really be the case that Github has a situation where the only sane way to work with it is to disable an important security check. And from my googling, not many other people seem to have this problem?
ru flag
@SteveBennett I have it every year or so with Github myself, because their keys change and such. They also spin up new servers on cloud load balancing and such which does point at different endpoints, etc. You're right, disabling the check is a bad thing, even if it's *just* for Github. However, if you don't disable the check for the host you want to use (GitHub) then you'll get the message repeatedly. There's no way around this getting rid of the notices otherwise.
cn flag
Once a year would be fine. But I'm experiencing this every day.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.