0

I've been happily pulling from my repository for months, until now.. :'(

For the first time ever git now asks me to add github.com to the known_hosts file. It never did that before, I even didn't have a .ssh directory until after I say 'yes' to the question below.

# git pull

Host 'github.com' is not in the trusted hosts file.
(ssh-rsa fingerprint md5 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48)
Do you want to continue connecting? (y/n) y

/usr/bin/ssh: Connection to git@github.com:22 exited: No auth methods could be used.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I can't figure out what could have changed... doing git status works, but I can't pull anything.

I can't do a ssh -vvv, as this is on a small embedded linux system, and apparently ssh didn't compile with the verbose option, so I can't really know what's going on.

Shouldn't I be able to pull from repo's without having to add a github ssh key? This all happens on a small embedded systems, that I deploy on various places, so I don't like to add any account details, I just want it to pull the latest version from github.

My git config:

[core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "origin"]
        url = git@github.com:MyUser/MyRepo.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
        remote = origin
        merge = refs/heads/master

I've tried changing git to https, but that gives me a certificate error instead. (I've redacted the user and repo name)

svenema
  • 101
  • 3

2 Answers2

1

As you mention this is on an embedded system, make sure the date & time is correct. I had some issue with HTTPS where the system would basically think it was in 1970 and refuse Github certificate.

Also you can find the expected SSH host keys here: https://help.github.com/articles/github-s-ssh-key-fingerprints/. It is a good idea to check them when something that used to work now goes weird, it might be a man in the middle.

Antoine Albertelli
  • 526
  • 3
  • 4
  • time and date are incorrect most of the time, as there is no hardware clock/battery... it hasn't been a problem before, but it can definitely be related. interesting.. – svenema Apr 11 '18 at 08:52
  • In relation to those fingerprints.. could this prevent a MITM attack and do I add these to ~/.ssh/known_hosts? (and what's the format for this?) – svenema Apr 11 '18 at 08:57
  • 1
    Try running a NTP client as you appear to have internet connectivity. This will sync your time and you can then check if the problem persists. For the known_hosts it is done automatically by ssh when you accept it the first time and it is checked by SSH every time to see if you are communicating with the correct server. – Antoine Albertelli Apr 12 '18 at 06:36
0

I did not find the root cause, but I did find a solution.

Github states that HTTPS is recommended as its easier to reach over firewalls and proxies compared to SSH: https://help.github.com/articles/which-remote-url-should-i-use/

Solution: Change the URL to https. And configure git: git config --global http.sslVerify false as explained here: https://confluence.atlassian.com/fishkb/unable-to-clone-git-repository-due-to-self-signed-certificate-376838977.html

I'd rate the quality of this solution as: Workaround. If anyone has anything better, I'd like to hear ;-)

svenema
  • 101
  • 3
  • This is more _solution_ than workaround. If you don't need authentication to checkout the source, then there's no real reason to set it up. – Michael Hampton Sep 06 '21 at 03:11