tldr: When a git server changes its key, the new key is presented in two different formats making it hard to compare them. How can git be told to show it in a single format?

From the first git clone attempt I get:

The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.

But after deleting the old key and running the clone again the fingerprint is different:

ED25519 key fingerprint is 
SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.

I'd like to visually verify that it's still the same key.

How can git be configured to always show fingerprints in the same format?


BTW, in the recent GitHub key change, their tutorial avoids the confusion by bypassing git for the key update. They suggest a direct write of the new fingerprint instead (in yet another format).

github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7nd...

Can this be done by git while showing the first fingerprint to the user?


Do not suggest this as a duplicate, that's not about git unlike my question.

Jakub Fojtik

1 Answer

It's not the same key. The first is an RSA key, while the latter is an ED25519 key. An SSH server can (and typically does) have multiple keys of different types.

In the first case, as you already had GitHub's RSA host key cached locally, Git (or actually the underlying ssh) chose to use the server's RSA key.

In the latter case, as Git/ssh had no known key anymore, it chose what it considers the best type, the ED25519.

Both are valid GitHub keys:
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints

Martin Prikryl
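Added example (not part of the answer above or of GitHub's documentation): the `host keytype base64` line format quoted in the question and the `SHA256:` fingerprint printed by ssh can be compared by hashing the decoded key blob, which also exposes the key type the answer refers to. The host name and key bytes below are constructed sample data, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed byte string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def make_sample_line(host, key_type, key_bytes):
    """Constructed sample data: wrap arbitrary bytes as a known_hosts-style line."""
    blob = ssh_string(key_type.encode("ascii")) + ssh_string(key_bytes)
    return f"{host} {key_type} {base64.b64encode(blob).decode('ascii')}"


def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) from a 'host keytype base64-key' line."""
    fields = line.split()
    if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob itself begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type inside blob does not match the text field")
    return hosts, key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the form ssh prints: SHA256: + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches(line, shown):
    """Compare a key line against a fingerprint copied from an ssh prompt."""
    _, key_type, blob = parse_known_hosts_line(line)
    shown = shown.strip().rstrip(".")  # ssh ends the sentence with a period
    return key_type, hmac.compare_digest(sha256_fingerprint(blob), shown)


# Constructed sample: a placeholder host with 32 arbitrary bytes as an Ed25519 key.
SAMPLE_LINE = make_sample_line("git.example.test", "ssh-ed25519", bytes(range(32)))

if __name__ == "__main__":
    print(matches(SAMPLE_LINE, "SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s."))
```

The returned key type shows which of the server's keys a line describes, so a fingerprint is only worth comparing against a published value for the same key type.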