最近(2023-03-24 05:00 UTC) github 更改了 ssh rsa 主机密钥,具体见:We updated our RSA SSH host key,导致推送代码时报如下错误:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /Users/AlanWang4523/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/AlanWang4523/.ssh/known_hosts:1
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
一、解决方案:
如果执行 git 操作时,看上面的输出日志,执行以下操作:
1、删除旧的密钥
$ ssh-keygen -R github.com
通过以上命令删除,或者手动更新 ~/.ssh/known_hosts 文件以删除旧条目。~/.ssh/known_hosts 文件中以 github.com ssh-rsa 开头的这条,上面输出日志有提升行号【Offending RSA key in /Users/AlanWang4523/.ssh/known_hosts:1】表示我的这个就密钥在 known_hosts 文件的第 1 行。
github.com ssh-rsa AAAAB3Nza***********
2、增加新的密钥
手动添加以下行,将新的 RSA SSH 公钥条目(大家都一样)添加到您的~/.ssh/known_hosts 文件中,密钥见:githubs-ssh-key-fingerprints
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
二、事情的经过和原因:
Github 官方发现 GitHub.com 的 RSA SSH 私钥曾短暂暴露在 GitHub 公共存储库中。
出于谨慎考虑,为了控制风险,在 UTC 时间 2023 年 3 月 24 日 05:00 左右,他们更换了用于保护 GitHub.com 的 Git 操作的 RSA SSH 主机密钥。
这样做是为了保护我们的用户免受对手冒充 GitHub 或通过 SSH 窃听他们的 Git 操作的任何机会。此密钥不授予对 GitHub 基础设施或客户数据的访问权限。
此更改仅影响使用 RSA 通过 SSH 的 Git 操作。GitHub.com 的 Web 流量和 HTTPS Git 操作不受影响。
At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.
Only GitHub.com’s RSA SSH key was replaced. No change is required for ECDSA or Ed25519 users.What happened and what actions have we taken?
This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository. We immediately acted to contain the exposure and began investigating to understand the root cause and impact. We have now completed the key replacement, and users will see the change propagate over the next thirty minutes.
参考链接:
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
https://stackoverflow.com/a/47708298
792
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
