0

1. Problem Summary

I was trying to push changes from my local machine to a remote repository on Github using VSCode today. The system hung up repeatedly. I tried to only pull, then push, to sync, and to even update the remote server. But VSCode kept hanging and not syncing with the remote server.

I then tried to push using a Git Bash terminal. Instead of hanging up, it told me:

WARNING - POTENTIAL SECURITY BREACH!
The server's host key does not match the one PuTTY has cached.
This means that either the server administrator has changed the host key, or you have actually connected to another computer pretending to be the server.

The new rsa2 fingerprint is: [redacted]

If you were expecting this change and trust the new key, enter "y" to update PuTTY's cache and continue connecting. If you want to carry on connecting but without updating the cache, enter "n". If you want to abandon the connection completely, press Return to cancel.
Pressing Return is the ONLY guaranteed safe choice.

2. What I've Tried None of those options (Y, n, Return) worked in Bash. I then used PuTTY to generate a new public/private key pair, and the same error message came up when I tried to push. I tried to use ssh-add to load the key, and it kept telling me that the key had invalid format. I assume this was the issue with the old key. So, I then tried ssy-keygen -t rsa -b 4096 -C "[email protected]" to generate a new key from Git Bash. I added that key to the remote server on Github for this repository, and when I tried to Push through Git Bash, it failed again. With the same error as above.

I then went to my tablet which has access to the same local drive. From there I opened VSCode, opened the local folder with the repository, and tried to push/pull (sync) from VSCode, repeating the first step above from a different terminal. Of course, this other terminal connects to the same remote repository with a different ssh key, and this time VSCode did not hang up and I was able to push the changes to the remote.

3. No code to show, but a couple of specific questions

  1. Why does VSCode hang and not generate a similar error (WARNING - POTENTIAL SECURITY BREACH!)? That was a bit of a time sync as it simply hung. I could continue to code, run code, etc., but the window for version control was simply stuck.
  2. How do I overcome the ssh key problem I am having on one terminal? This has never happened to me before in this repository or any others.
  3. Why does Bash hang when entering Y, n, or Return when prompted? This seems buggy - is there a way around it?

I am running both terminals on Windows.

Improve this question
2
  • You don't need to redact a public key fingerprint, and if the error message is that the host key is unrecognized then changing your own key won't make a difference. Also, how long has it been since you last interacted with GitHub over SSH? Commented Jun 5, 2024 at 19:48
  • @JimRedmond I don't know how long it has been. I work on both terminals regularly, saving local files to the same drive independent of terminals. So, sometimes I push/pull from one terminal and sometimes from the other (depending, for instance, if I am traveling or not). Is there a way to find out? Commented Jun 6, 2024 at 16:31

1 Answer 1

Reset to default
2

Last time you connected to GitHub, your local SSH client automatically registered GitHub's key. The alert you are seeing means this key has now changed. This might be due to an attacker, with different keys, intercepting your connection. Or it might be because GitHub updated their keys since last time you connected.

If you aren't bothered about the security of your connection and you just want to connect, you can fix this by erasing the invalid entry from your known_hosts file. To do this, run the command ssh-keygen -R github.com (source). If that doesn't work, a last resort is to delete the known_hosts file entirely. On Windows, this file is found in %USERPROFILE%\.ssh (source).

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

worth adding: if you want to have a way to decide "am I talking to the actual github ? or is it indeed a SECURITY BREACH ?" you can check that page: GitHub's SSH key fingerprints and check whether the fingerprints printed in your terminal match the ones published by github.
@Cadence - I have done this, but I still get the WARNING message when I try to pull. I am able to get status of the repository and other "internal" commands, but as soon I as I try to interact with the remote, this message pops up.
@LeGEC - yes, the ones that are in my known users file match what is on their fingerprints page. Thank you for that resource.
@brosenheim Could you try these additional steps and see if they help? cgranade.com/blog/2016/06/06/ssh-keys-in-vscode.html

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.