Fixing a sudden failure to push code to GitHub (GitHub changed its RSA SSH host key)

Published: 2023-07-11 10:41:34 Author: ZachRobin

GitHub recently changed its SSH RSA host key (see: We updated our RSA SSH host key), which causes the following error when pushing code:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /Users/AlanWang4523/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/AlanWang4523/.ssh/known_hosts:1
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

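The cause:

GitHub discovered that GitHub.com's RSA SSH private key had been briefly exposed in a public GitHub repository.

Out of caution, and to contain the risk, at approximately 05:00 UTC on March 24, 2023 they replaced the RSA SSH host key used to secure Git operations for GitHub.com.

This was done to protect users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. The key does not grant access to GitHub's infrastructure or customer data.

The change only affects Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.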

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.
Only GitHub.com’s RSA SSH key was replaced. No change is required for ECDSA or Ed25519 users.

What happened and what actions have we taken?
This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository. We immediately acted to contain the exposure and began investigating to understand the root cause and impact. We have now completed the key replacement, and users will see the change propagate over the next thirty minutes.

Solution:

1. Remove the old key

ssh-keygen -R github.com

Remove it with the command above, or manually edit the ~/.ssh/known_hosts file to delete the old entry: the line in ~/.ssh/known_hosts that begins with github.com ssh-rsa.

2. Add the new key

github.com ssh-rsa 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

Manually add the line above to your ~/.ssh/known_hosts file; it is the new RSA SSH public key entry (the same for everyone).
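The two steps above swap one trusted host key for another, so the new entry should be compared with the fingerprint GitHub publishes (and with the one shown in the warning) before it is relied on. The Python below is an added example, not code from the original post or from GitHub: it recomputes the SHA256 fingerprint of a known_hosts line in the form OpenSSH prints it. The function names are hypothetical and the key is a constructed sample, not GitHub's key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint as OpenSSH prints it: SHA256:<unpadded base64 of the digest>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def entry_matches(line: str, host: str, expected_fp: str) -> bool:
    """True only if a plain known_hosts line names `host` and its key has `expected_fp`."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
        return False  # comments, @markers and hashed host names are out of scope here
    hosts, key_type, b64 = fields[0].split(","), fields[1], fields[2]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # not valid base64, so not a usable key
    # The key blob begins with its own type string; it must agree with the text field.
    if not blob.startswith(ssh_string(key_type.encode())):
        return False
    if host not in hosts:
        return False
    return sha256_fingerprint(blob) == expected_fp


# Constructed sample blob (NOT GitHub's key): type, exponent 65537, dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 33))))
SAMPLE_LINE = "github.com ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()
# In real use this value comes from a trusted channel (GitHub's published
# fingerprints), never from the same SSH connection that is being checked.
SAMPLE_TRUSTED_FP = sha256_fingerprint(SAMPLE_BLOB)

if __name__ == "__main__":
    print(SAMPLE_TRUSTED_FP)
    print(entry_matches(SAMPLE_LINE, "github.com", SAMPLE_TRUSTED_FP))
```

For a real check, pass the github.com line from ~/.ssh/known_hosts together with the fingerprint taken from GitHub's documentation.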