Git SSH Not Working after installing new Dev Shell

I have carefully followed the document go/dev-shell to install the new dev shell and Git Setup on LVDI3. When I run the ds sync, I got the error message:

: Permission denied (publickey).
fatal: Could not read from remote repository.

I run the following two commands to check the configuration.

$ ssh-add -l
error fetching identities: agent refused operation
$ ssh -vT
OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucketdc-cluster03-ssh.jpmchase.net [147.107.136.129] port 22.
debug1: Connection established.
debug1: identity file /c/Users/v684780/.ssh/id_rsa type 0
debug1: identity file /c/Users/v684780/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_dsa type -1
debug1: identity file /c/Users/v684780/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/v684780/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/v684780/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/v684780/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/v684780/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/v684780/.ssh/id_xmss type -1
debug1: identity file /c/Users/v684780/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to bitbucketdc-cluster03-ssh.jpmchase.net:22 as 'v684780'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:U1WSHx08ejrFmnHhLOyTO6krz1ufthX3VNxKRKh1yjg
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for bitbucketdc-cluster03-ssh.jpmchase.net has changed,
and the key for the corresponding IP address 147.107.136.129
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:U1WSHx08ejrFmnHhLOyTO6krz1ufthX3VNxKRKh1yjg.
Please contact your system administrator.
Add correct host key in /c/Users/v684780/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/v684780/.ssh/known_hosts:2
ECDSA host key for bitbucketdc-cluster03-ssh.jpmchase.net has changed and you have requested strict checking.
Host key verification failed. 

I googled the web, someone suggested to remove the cached key, or update the C:\Users\v684780.ssh\known_hosts. I am not sure how to do it.

1 Answer

The key line in the message is

The ECDSA host key for bitbucketdc-cluster03-ssh.jpmchase.net has changed, 

Thus the host you try to connect to has changed its identity. One solution is indeed to either delete the file where your host keys are stored or - better - open it in a simple text editor such as notepad and remove only the line concerning the 'offending' host. It is a plain text file with a special format of one line per pair of host, algorithm and key, e.g.:

127.0.0.1 ssh-rsa AAAAB3NXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXUX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

However! Please make sure that you check the identity of the host before you re-add it so that you do not fall prey to an actual attacker who modified the target host.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like