The authenticity of host 'github.com (192.30.252.128)' can't be established - node.js

I am trying to use
sudo npm install
to install all my dependencies for an application written in nodejs. My OS is Ubuntu 13.04
However, I keep getting this warning:
The authenticity of host 'github.com (192.30.252.131)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:1d:52:13:1a:21:2d:bz:1d:66:a8.
Are you sure you want to continue connecting (yes/no)?
Has anyone encountered this warning before? Is it possible to authenticate and store the fingerprint locally? So I won't need to authenticate again when I enter sudo npm install another time.
Right now, I am unable to enter anything, not even "yes". My terminal just gets stuck, I have to press Ctrl+C to terminate.

Danger ahead, unless you actually don't care about secure communication with github on your local account
Ssh rightly complains that they can't make sure you are indeed connecting to github's server through a secure channel. That might be why github is recommending https access, which works out-of-the-box thanks to its public key infrastructure.
Now, you can have it work, but be aware that it involves caching a public key fingerprint which, if done incorrectly, provides an attacker permanent man-in-the-middle attack.
How to proceed safely?
Option 1 is to use an https URL instead of ssh.
Option 2 is to have ssh access work.
Okay, show me option 2
Do ssh -T git@github.com but don't just type "yes".
Check if the hash that is shown matches one of the hashes shown in https://help.github.com/articles/what-are-github-s-ssh-key-fingerprints/ (in your question it does, and see, the page is fetched through https for the same public key infrastructure reasons).
If the hash matches, then the connection is indeed safe and you can answer "yes" to ssh's question.
Okay, I checked and typed yes, how do I know it works?
Ssh will show something like:
Warning: Permanently added the RSA host key for IP address
'192.30.252.128' to the list of known hosts.
After that, you will either see a message like
Permission denied (publickey).
which is good but shows that you need further configuration, or simply
Hi yourlogin! You've successfully authenticated, but GitHub does not
provide shell access.
which means that all works well and you can retry your first operation.
Notice that if you retry the same ssh command, it should no longer ask the question.

Run ssh -o StrictHostKeyChecking=no git@github.com in command prompt to add the authenticity to your known_hosts. Then you won't get the prompt the next time.

I solved my problem by running
ssh-keyscan github.com >> ~/.ssh/known_hosts
in command prompt. This command will add authenticity to your known_hosts.

You sure you're not accidentally logged in as a different user (this happens to me when I sudo -s / login as root and forget my GitHub account isn't linked to that user)?

I landed here because I was getting this error and not understanding why. It turns out I had a typo in my npm command:
npm install -P -E @angular/common @angular/compiler @angular/core @angular/forms
@angular/platform-browser @angular/router @angular/animations@ angular/platform-browser-dynamic
Notice how the end of the line reads @angular/animations@ angular/platform-browser-dynamic.
NPM interprets the last "package" as being a github repo and that is where the error comes from.
I know this does not actually answer the question but I put it up just in case anyone else encounters this by making a similar mistake.

If you have this type of problem
The authenticity of host 'github.com (192.30.252.131)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:1d:52:13:1a:21:2d:bz:1d:66:a8.
Are you sure you want to continue connecting (yes/no)?
don't worry, follow these steps:
Step 1: yes [press enter]
then you'll get:
Please type 'yes', 'no' or the fingerprint:
Step 2: copy fingerprint and paste here [press enter ]

Stéphane Gourichon's 2016 answer mentions:
Do ssh -T git@github.com but don't just type "yes".
Check if the hash that is shown matches one of the hashes shown in "GitHub's SSH key fingerprints".
(in your question it does, and see, the page is fetched through https for the same public key infrastructure reasons).
Another way to check, this time programmatically, if the GitHub host keys match, is to use the GitHub API (Jan. 2022):
GitHub’s SSH host keys are now published in the API
The GitHub metadata endpoint (api.github.com/meta) now contains our SSH host keys.
(We'll continue offering host key fingerprints as well.)
{
// new entry
"ssh_keys": [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl",
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=",
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
],
// existing entry
"ssh_key_fingerprints": [
"SHA256_RSA": "nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8",
"SHA256_ECDSA": "p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM",
"SHA256_ED25519": "+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU"
],
// ... rest of payload
}
These keys are in the OpenSSH known_hosts format for easy inclusion into existing known_hosts files.
This will make it easier to preconfigure systems which expect to connect via SSH.
For example, you can prime your CI runners with these keys before starting to fetch from GitHub.
The keys returned from the API include both SSH host keys that we're actively using, plus any that we're advertising via host key rotation for future use.
Currently, we're not offering any keys via rotation that aren't actively in use, but if we announce new host keys in the future, you can find them here as well during the rotation period.
See the meta API endpoint to learn more.
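The programmatic check this answer describes, combined with the ssh-keyscan approach from an earlier answer, as an added example (not code from any of the posts or from GitHub): a scanned key is accepted only if the same key type and key appear in the `ssh_keys` list of the meta payload. The payload and the scan output are constructed and embedded inline; `vet_keyscan` and `fingerprint` are names chosen here.

```python
import base64
import hashlib
import json

# Constructed sample of the api.github.com/meta payload, reduced to the one
# field used here; the ed25519 entry is the one quoted on this page.
META_JSON = json.dumps({"ssh_keys": [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl",
]})

# Constructed ssh-keyscan output: a comment line, one line carrying the
# published key, and one line whose key differs in its last character
# (standing in for a key that does not belong to GitHub).
KEYSCAN = """\
# github.com:22 SSH-2.0-constructed-banner
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJm
"""


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vet_keyscan(keyscan_text, meta_json, host="github.com"):
    """Split scanned lines into (trusted, rejected) against the published keys."""
    published = {tuple(k.split()[:2]) for k in json.loads(meta_json)["ssh_keys"]}
    trusted, rejected = [], []
    for line in keyscan_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # comment or malformed line
        names, ktype, key = parts[0], parts[1], parts[2]
        if host in names.split(",") and (ktype, key) in published:
            trusted.append(f"{host} {ktype} {key}")  # safe known_hosts line
        else:
            rejected.append((names, ktype, fingerprint(key)))
    return trusted, rejected


if __name__ == "__main__":
    ok, bad = vet_keyscan(KEYSCAN, META_JSON)
    print("append to known_hosts:", *ok, sep="\n  ")
    for names, ktype, fp in bad:
        print(f"REJECTED {names} {ktype} {fp}")
```

In practice the payload would be fetched over HTTPS from api.github.com/meta and the scan text would come from ssh-keyscan github.com; only the trusted lines are appended to known_hosts.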

Github just made changes to their IP address infrastructure. You can read here for more details https://github.com/blog/1606-ip-address-changes . Also, I have never seen a problem like this before. Is your package.json containing a git dependency cloned via ssh?
Try echo 'yes' | sudo npm install. This may solve your problem. If it does not, try cloning via HTTPS instead or download the module as a tarball instead, which can be done like this https://api.github.com/repos/username/reponame/tarball

I was using npm ci but the package-lock.json file had a lot of git+ssh:// URLs which triggered this error message.
Based on the accepted answer here, I used a little sed script to replace all the ssh:// URLs with https:// URLs:
sed -i 's|git+ssh://git@github.com|https://github.com|' ./package-lock.json
I hope that may help some people in a similar situation.
This is a quick workaround. A more permanent solution would be to fix the URLs in the package.json file, in order to build an improved package-lock.json file.
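To see which dependencies need fixing in package.json before rewriting anything, the lockfile can be audited first. The following is an added example, not code from the post: it walks a constructed package-lock.json, lists every value that starts with the SSH prefix the sed command targets, and shows what that same substitution would produce. The package names and the names `find_ssh_urls`, `to_https` and `audit` are assumptions made for illustration.

```python
import json

# Constructed lockfile (lockfileVersion 2 shape) with one SSH-pinned git
# dependency and one ordinary registry dependency.
LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "node_modules/left-helper": {
            "version": "1.0.0",
            "resolved": "git+ssh://git@github.com/example-org/left-helper.git#0123abc",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

SSH_PREFIX = "git+ssh://git@github.com"


def find_ssh_urls(node, path=""):
    """Yield (json_path, value) for every string that would make npm use SSH."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_ssh_urls(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_ssh_urls(value, f"{path}[{i}]")
    elif isinstance(node, str) and node.startswith(SSH_PREFIX):
        yield path, node


def to_https(url):
    """Same substitution as the sed command above, applied to one value."""
    return url.replace(SSH_PREFIX, "https://github.com", 1)


def audit(lock_text):
    """Return [(json_path, ssh_url, https_url)] without modifying the file."""
    return [(p, u, to_https(u)) for p, u in find_ssh_urls(json.loads(lock_text))]


if __name__ == "__main__":
    for path, old, new in audit(LOCKFILE):
        print(f"{path}\n  {old}\n  -> {new}")
```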

Just in case you stumble upon that in IntelliJ IDEA (or any other IntelliJ product), go to Version Control > GitHub and uncheck [✓] Clone git repositories using ssh.

Run ssh github.com and type yes and it should fail. Then run your command again. If not try ssh github.com again as they have multiple IP's and you might need all of them.

Related

SSL handshake failed when trying to add remote GitLab account in GitAhead under openSUSE Leap 15

I successfully added remote (private) GitLab account under Windows 10 in GitAhead but under a Linux openSUSE Leap 15 I got "Connection failed: SSL handshake failed".
Note that I can clone, pull, fetch, commit, push in repositories from repositories in the GitLab I want to add, I also tried to reset SSH handshake with:
$ ssh-keygen -R gitlab.mydomain.net
# Host gitlab.mydomain.net found: line 31
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old
$ ssh git@gitlab.mydomain.net
The authenticity of host 'gitlab.mydomain.net (<IP>)' can't be established.
ECDSA key fingerprint is SHA256:**************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.mydomain.net,<IP>' (ECDSA) to the list of known hosts.
Welcome to GitLab, @UserName!
Connection to gitlab.mydomain.net closed.
But it still does not work. Does anyone know if there is something to configure to allow it under Linux?
Thanks
For a starter, check the rights on directories on the server-side. The home-dir as well as the .ssh-dir should be treated with chmod 700. The same is true for the key files.
You should aim for a passwordless login on your server. As soon as this works, GitAhead should be fine. If you have a Git-Shell in your server-side /etc/passwd, replace it by /bin/sh for the sake of sending your pubkey: On the client, enter ssh-copy-id -i yourprivatekeyfile somerandomgituser@ipofyourgitserver. After that, if successful, you can reset the /etc/passwd line back to the Git-Shell.

How to fix Permission denied (publickey) on Gitlab?

I have one project on Gitlab and I worked with it for the last few days!
But after a few days it all went off! I added my home PC ssh key in the Gitlab project settings, but now when I want to use git pull to receive new changes on my home PC, it shows me this error:
10:47 AM Update failed
Permission denied (publickey).
Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
10:47 AM Update canceled
Gitlab ssh key image:
How can I fix it?
GitHub isn't able to authenticate you. So, either you aren't setup with an SSH key, because you haven't set one up on your machine, or your key isn't associated with your GitHub account.
You can also use the HTTPS URL instead of the SSH/git URL to avoid having to deal with SSH keys. This is GitHub's recommended method.
Further, GitHub has a help page specifically for that error message, and explains in more detail everything you could check.
I know this problem. After adding the ssh key, add your ssh key to the ssh agent too (from the official docs https://help.github.com/articles/generating-ssh-keys/)
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
After that, everything works fine; git can see the proper key, where before it couldn't.

Gitlab 'fatal: repository '...' not found' - unable to push to a newly created project

Can anyone spot what I could possibly be doing wrong? You can browser zoom in to see image details.
This is a fresh account, new project, owner of group and I am simply unable to push (HTTPS) following instructions provided.
When adding the remote URL to the initial configuration, instead of using the URL that Gitlab gives you, try adding the following URL instead and replace the details below as mentioned, to reflect your info & your project info:
REMOTE URL FORMAT:
https://YOUR_USER_NAME:PASSWORD@gitlab.com/YOUR_USER_NAME/YOUR_PROJECT_NAME.git/
REPLACEMENTS IN THE ABOVE URL:
YOUR_USER_NAME - Replace this with your gitlab username
PASSWORD - Replace this with your gitlab password
YOUR_PROJECT_NAME - Replace this with your gitlab project name (whatever is generated for you)
I create a small site to fix really quick this issue. gitlab fix remote
While Adding Your URL make sure you add your username like this
https://username@gitlab.com/path_of_repository.git
and also .git at the end is not to be missed
try to /profile/keys and add new key of server in GitLab
In your GitLab go to: /help/ssh/README
SSH keys
An SSH key allows you to establish a secure connection between your computer and GitLab.
In my case for HTTPS-URL, it was not working
So I tried using it with SSH
First open command prompt in administrator mode then enter the following command to generate SSH key:
ssh-keygen -t rsa -b 4096 -C "<my key name>"
Then go to the location where this key is saved 'In my case (C:\Users\your_username\.ssh)' and open id_rsa.pub and copy its content.
Then go to GitLab create a new SSH key and add this copied content to your SSH key.
After that try cloning using SSH-URL

Make gitosis-admin git repository secure

I installed gitosis on my Ubuntu 10.4 Server via
apt-get install gitosis
Then I initialized the admin repository with
sudo -H -u gitosis gitosis-init < nameOfThePublicKeyFile
After this I thought that the admin repository is only clonable for clients that offer the private key that fits to the public key file of the repository. So just to be sure, I tested if it is possible to clone the repository without the private key or with a false private key. Unfortunately and surprisingly it worked.
I tested this with TortoiseGit on Windows.
Therefore my question is:
How can I secure my repositories, so that they can only be cloned if I provide the correct private key.
Did I skip an important step in the installation process or anything?
Thanks for any help!
I think I found the error and it has nothing to do with gitosis.
I found out that my TortoiseGit client on Windows somehow caches the correct private key file of a git connection if it cloned a repository successfully once, even if I provide a wrong keyfile afterwards. (I don't know where it saves it but I saw it in the config file that is created by TortoiseGit when a repository is cloned.)
I tried to clone my repository with another Windows computer, just to be sure that it is only a caching problem. And voila, this other computer that never saw my private key file could not clone the repository.
It is always useful, when the GUI fails (here TortoiseGit) to revert to the CLI (msysgit or git itself) to see if the issue persists.
You saw that it might be related to an authentication cache problem within TortoiseGit, and bug 659 does illustrate that cache problem.
The other option would be trying to use a 'config' ssh address, ie an ssh address based on a ssh config file (where you can reference explicitly the name of the private key to use for that connection).
See as an example "NBGit to remote host with ssh" or "git + assembla + multiple ssh keys/multiple computers".

How can I perform a `git pull` without re-entering my SSH password?

Is it possible to configure git/ssh so I don't have to enter my passphrase every time I want to perform a git pull? Note that the repo is a private one on github.
Or, alternatively, what would be the best practice to automate code deployment from a private Github repo?
Additional details: EC2 instance running a public AMI based on Fedora.
Have a look at this link https://help.github.com/articles/working-with-ssh-key-passphrases/
But I don’t want to enter a long passphrase every time I use the key!
Neither do I! Thankfully, there’s a nifty little tool called
ssh-agent that can save your passphrase securely so you don’t have
to re-enter it. If you’re on OSX Leopard or later your keys can be
saved in the system’s keychain to make your life even easier. Most
linux installations will automatically start ssh-agent for you when
you log in.
I enabled the password caching as described here:
https://help.github.com/articles/caching-your-github-password-in-git/#platform-linux
To cache the password for a month:
git config --global credential.helper 'cache --timeout=2628000'
Try this:
git config credential.helper store
You'll have to enter your password once, after that it is stored in a folder inside root.
As comments pointed out, this does NOT work for SSH passwords, only for HTTPS passwords.
I don't know why hasn't anyone reported this yet. But the simplest approach would be to simply add a single line AddKeysToAgent yes on the top of the .ssh/config file. Of course ssh-agent must be running beforehand. If it's not running (check by the command ssh-agent on the terminal), then simply run it: eval $(ssh-agent)
I can confirm that this works, because in my project with lots of submodules and for each submodule being cloned, I had to type in my ssh passphrase. After the above trick, I don't need to do it anymore.
The source of the solution is https://askubuntu.com/questions/362280/enter-ssh-passphrase-once/853578#853578
Your situation is now fixed, however for me it was the fact that I had more than one key in ~/.ssh/
To resolve the problem I had to create a file called ~/.ssh/config and add the line:
IdentityFile ~/.ssh/my_key2_rsa
where ~/.ssh/my_key2_rsa is my key.
I updated my ~/.ssh/config file to read the following, and no longer have to enter my ssh password.
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
open (or create) the ~/.ssh/config file and add these lines to the file:
Host *
UseKeychain yes
Source: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
