DEV Community

Cover image for Github Warning: Remote Host Identification Has Changed! 😳
James Thompson
James Thompson

Posted on

Github Warning: Remote Host Identification Has Changed! 😳

I started seeing this warning

A few months back after coming back from the weekend, I started seeing the below warning below in the terminal. I was working on a GitHub project.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.
Enter fullscreen mode Exit fullscreen mode

This was an odd change, as I was working on the project a few days prior without issue. This error occurred whenever I tried to push updates to the remote repository on GitHub.

This was the somewhat cryptic warning that stood out.

🛑 The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.

Please contact your system administrator.
Enter fullscreen mode Exit fullscreen mode

It took a few minutes of troubleshooting to finally realize the phrases remote host and please contact your system administrator where important here. After a bit of searching, I came across this article for the potentially comprised GitHub RSA SSH Key - https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/.

github article

I was surprised by the unexpected non-warning, though after reading the article I could see why this happened. Next week, I'll get into why this was such a big deal, especially for automated CI/CD pipelines and distributed teams.


Photo credit to Vidi Drone on Unsplash

Top comments (0)