Solution: create a ~/.ssh/config file and insert the line:
UserKnownHostsFile ~/.ssh/known_hosts
You will then see the message the next time you access Github, but after that you'll not see it anymore because the host is added to the known_hosts file. This fixes the issue, rather than just hiding the log message.
This problem was bugging me for quite some time. The problem occurs because the OpenSSH client compiled for Windows doesn't check the known_hosts file in ~/.ssh/known_hosts
ssh -vvvvvvvvvvvvvvvvvvv [email protected]
debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /dev/null
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.
Add the following line to your ssh config file ($HOME/.ssh/config):
LogLevel=quiet
If running ssh from the command line add the following option to the command string:
-o LogLevel=quiet
For example, the following prints out the gcc version installed on machine.example.org (and no warning):
ssh -o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-o LogLevel=quiet \
-i identity_file \
machine.example.org \
gcc -dumpversion
It mainly means there are changes for the key for that host ~/.ssh/known_hosts, and it will not automatically UPDATE it. Therefore every time you get this warning message.
This happens often for the connecting to the re-created virtual machines, which changes the key with the same IP address
Solution
If you only have one entry, then you can delete the ~/.ssh/known_hosts file, and after first connection, that the key will be there, and no warning messages after that.
If you have multiple entries, then you can use command below to remove
$ ssh-keygen -R <hostname>
It works fine for me
I got into the same issue when I started using a Windows machine. In my case it was because my SSH setup was not done. Github has a very precise documentation on the SSH setup. Once that's taken care, the issue was resolved.
https://help.github.com/articles/checking-for-existing-ssh-keys/ https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
Add ssh key
ssh-keygen -t rsa -b 4096 -C "[email protected]"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/bitbucket_rsa
crate config file
crate ~/.ssh/config
add below line.
UserKnownHostsFile ~/.ssh/known_hosts
Then add pub key and clone your repository... Done.....
I had faced the same error in Linux/Cent OS VM and it was because the IP was changing after restart. In order to get around this problem, I defined a static IP in the network and added that entry to /etc/hosts file. For static IP mention a slightly higher range value. For example if your current IP (ipconfig/ifconfig) is 192.168.0.102, next time after restart this may become 192.168.0.103. So define your static IP in IPV4 settings as 192.168.0.181 which should do the trick.
In my case, it was because the admin who set up the server set these options in ~/.ssh/config
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Which worked fine for most cases by not using the ~/.ssh/known_hosts file. But for the enterprise gitlab repo, every time it gave the "Warning: Permanently added ... to the list of known hosts."
My solution was to comment out the UserKnownHostsFile /dev/null line, which allowed the creation of ~/.ssh/known_hosts. Then it didn't give any more warnings after that.
You might also have a old/invalid entries in your known_hosts.
# find entry in ~/.ssh/known_hosts
ssh-keygen -F <hostname>
# delete entry in ~/.ssh/known_hosts
ssh-keygen -R <hostname>
I my case I only got the ssh warning when using Gridengine qrsh remote shell login. Whereas a normal ssh would work as expected (warning first time, then quiet subsequent times).
My solution was to manually fill ~/.ssh/known_hosts with all the possible server names that Gridengine could choose (use qhost to list the servers):
for p in server1 server2 server3 server4; do
ssh-keyscan -H ${p}.company.com;
ssh-keyscan -H $(getent hosts $p | perl -lane 'print $F[0]');
done >> ~/.ssh/known_hosts
Background:
Gridengine is a job scheduler which can use ssh to select the least loaded server. The reason for the warning is that qrsh seem to always specify a non-standard port for doing the ssh connection, causing known_hosts to be updated with an entry also containing a port number. Next time when qrsh selects the same server there would be a new port-number and known_hosts would get updated with a new port-specific entry. The reason for also adding the raw host IP address is that some hosts used ecdsa-sha2-nistp521. If a raw IP entry is not added I would get the warning:
ECDSA host key for IP address '10.1.2.3' not in list of known hosts.
There is no clean solution for the problem you noted as far as I am aware.
The previously suggested /dev/null redirection will still display the warning, it just disables the security feature of storing the remote keys by redirecting the output into /dev/null.
So ssh would still think it writes something which is actually discarded.
As I know the only option is to catch the message and remove it from stdout.
ssh/scp..... 2>&1 | grep -v "^Warning: Permanently added"
Here is a complete example that you can use as wrapper to hide such warnings:
#!/bin/bash
remove="^Warning: Permanently added" # message to remove from output
cmd=${0##*/}
case $cmd in
ssh)
binary=/usr/bin/ssh
;;
*)
echo "unsupported binary ($0)"
exit
;;
esac
$binary "$@" 2>&1 | grep -v "$remove"
To install it all you need to do is add/modify the "case" statement for the actual command you wish to modify. (ssh, scp, git etc).
the "ssh)" means the script has to be named "ssh" (or a link to the script is named ssh).
The binary=/full/path is the path to the binary the script should wrap.
Then put the script with a name of your choice into /bin or somewhere else.
The script also the place where you can use a -o "UserKnownHostsFile=/dev/null" to the $binary variable, that's a lot better than putting such a security risk into the global ssh configuration which will affect all your ssh sessions and not just those you want to supress the message.
Disadvantages:
It's a bit overhead, not a perfectly clean solution and moves stderr into stdout which might not be good in all cases.
But it will get rid of any sort of warning messages you don't wish to see and you can use a single script to wrap all binaries you want (by using filesystem links to it)
The authenticity of host '...' can't be established. RSA key fingerprint is .... Are you sure you want to continue connecting (yes/no)?, or have you suppressed that? If it is, is it the same fingerprint every time? If it's not, that's really scary. The less scary option would be that somehow it's not actually managing to write to the hosts file, so it tries again every time. Have a look at~/.ssh/known_hosts? – Cascabel~/.ssh/known_hosts? (Is it listed 5000 times?) Does~/.ssh/configexist/contain anything (especially a value forStrictHostKeyChecking)? – Cascabelknown_hostsfile are bad. It should be the host key, on one terribly long line. If you only have the host name there (for example) it will not work. I recommend that you remove this file (if indeed it only contains the information for this single host) and allow SSH to create it next time you connect. It should be silent after that. – tripleee