Git 错误:“主机密钥验证失败"连接到远程存储库时 [英] Git error: "Host Key Verification Failed" when connecting to remote repository

问题描述

我正在尝试连接到驻留在我的 Web 服务器上的远程 Git 存储库并将其克隆到我的机器上.

I am trying to connect to a remote Git repository that resides on my web server and clone it to my machine.

我的命令使用以下格式:

I am using the following format for my command:

git clone ssh://username@domain.com/repository.git

这对我的大多数团队成员都很有效.通常在运行此命令后，Git 会提示输入用户密码，然后运行克隆.但是，在我的其中一台机器上运行时，出现以下错误:

This has worked fine for most of my team members. Usually after running this command Git will prompt for the user's password, and then run the cloning. However, when running on one of my machines I get the following error:

主机密钥验证失败.

致命:无法从远程读取存储库.

fatal: Could not read from remote repository.

我们没有使用 SSH 密钥连接到这个存储库，所以我不确定为什么 Git 会在这台特定的机器上检查一个.

We are not using SSH keys to connect to this repository, so I'm not sure why Git is checking for one on this particular machine.

推荐答案

您正在通过 SSH 协议进行连接，如克隆 URL 上的 ssh:// 前缀所示.使用 SSH，每个主机都有一个密钥.客户端记住与特定地址关联的主机密钥，如果主机密钥发生变化，则拒绝连接.这可以防止中间人攻击.

You are connecting via the SSH protocol, as indicated by the ssh:// prefix on your clone URL. Using SSH, every host has a key. Clients remember the host key associated with a particular address and refuse to connect if a host key appears to change. This prevents man in the middle attacks.

domain.com 的主机密钥已更改.如果这对您来说并不奇怪，请通过编辑 ${HOME}/.ssh/known_hosts 从本地缓存中删除旧密钥以删除 domain.com 的行或让 SSH 实用程序为您完成

The host key for domain.com has changed. If this does not seem fishy to you, remove the old key from your local cache by editing ${HOME}/.ssh/known_hosts to remove the line for domain.com or letting an SSH utility do it for you with

ssh-keygen -R domain.com

从这里开始，通过自己动手来记录更新的密钥

From here, record the updated key either by doing it yourself with

ssh-keyscan -t rsa domain.com >> ~/.ssh/known_hosts

或者，等效地，让 ssh 在您下次连接 git fetch、git pull 或 git 时为您做推(或什至一个普通的ol'ssh domain.com)，在提示时回答yes

or, equivalently, let ssh do it for you next time you connect with git fetch, git pull, or git push (or even a plain ol’ ssh domain.com) by answering yes when prompted

The authenticity of host 'domain.com (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?

出现此提示的原因是 domain.com 删除后不再在您的 known_hosts 中，并且可能不在系统的 /etc/ssh/ssh_known_hosts 中，因此 ssh 无法知道连接另一端的主机是否真的是 domain.com.(如果 /etc 中的密钥错误，则必须由具有管理权限的人更新系统范围的文件.)

The reason for this prompt is domain.com is no longer in your known_hosts after deleting it and presumably not in the system’s /etc/ssh/ssh_known_hosts, so ssh has no way to know whether the host on the other end of the connection is really domain.com. (If the wrong key is in /etc, someone with administrative privileges will have to update the system-wide file.)

我强烈建议您考虑让用户也使用密钥进行身份验证.这样，ssh-agent 可以方便地存储密钥材料(而不是每个人都必须在每次连接服务器时输入她的密码)，而且密码不会通过网络.

I strongly encourage you to consider having users authenticate with keys as well. That way, ssh-agent can store key material for convenience (rather than everyone having to enter her password for each connection to the server), and passwords do not go over the network.

这篇关于Git 错误:“主机密钥验证失败"连接到远程存储库时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！