Warning: remote host identification has changed!

ssh
#1

Hello,
This morning out of the blue all of our projects in gitlab started throwing this error for all of our devs:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:FbutMeM/HvPp1X4yt8938QzMKkNtlp9a5GzqwP2OTDo.
Please contact your system administrator.
Add correct host key in /Users/rocket55/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/rocket55/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Received disconnect from 35.231.145.151 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Disconnected from 35.231.145.151 port 22

We have been using this git setup for over two years with no issues. Then today this.

I cleared the offending entry from the known_hosts file, then tried again. Then I got this:

git push --set-upstream origin develop                           128 ↵  3044  11:28:20
Warning: Permanently added 'gitlab.com' (ECDSA) to the list of known hosts.
Warning: the ECDSA host key for 'gitlab.com' differs from the key for the IP address '35.231.145.151'
Offending key for IP in /Users/rocket55/.ssh/known_hosts:21
Received disconnect from 35.231.145.151 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Disconnected from 35.231.145.151 port 22
fatal: Could not read from remote repository.

Following advice I found online I tried this:

ssh-keygen -R gitlab.com                                           1 ↵  3045  11:34:21
# Host gitlab.com found: line 25
/Users/rocket55/.ssh/known_hosts updated.
Original contents retained as /Users/rocket55/.ssh/known_hosts.old

Now this is what I get:

git push --set-upstream origin develop                               ✔  3046  11:34:34
Warning: Permanently added 'gitlab.com' (ECDSA) to the list of known hosts.
Received disconnect from 35.231.145.151 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Disconnected from 35.231.145.151 port 22
fatal: Could not read from remote repository.

Any ideas on why this is happening, and what I can to to fix it?

2 Likes
#2

I am also having this issue…

1 Like
#3

Hey Tyler,

My boss is out today, so I don’t have the full scoop, but I can tell you this was caused by our Office’s tech provider updating the software/firmware on a piece of our Networking gear.

The giveaway on this is that problem isn’t just in GIT, but any time you SSH into anywhere with a stored key.

#4

Hi, I’ve similar problem with my repo. I deleted know_hosts file to retry, it did not work. Later I tried cloning a github project , it was able to do it and I also tried cloning fdroidclient.git project from gitlab but it failed with similar error. My last successful pull in my repo was before November 18.