You can find out more about why this happened on this Github blog: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
*Simon Kelly* Senior Director of Server Engineering Dimagi | www.dimagi.com On Fri, 24 Mar 2023 at 14:37, 'Neil Young' via Ansible Project < [email protected]> wrote: > OK, maybe a solution (workaround?) > > I got another error message later, which clarified the failing command: > > FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote > [email protected]:xxxxxxxxxxx.git -h refs/heads/HEAD", " > > So I ssh'ed to the machine and issued exactly this command: > > The response lead me to an offending, but not obvious "known_host" entry > (which obviously described "github.com"), maybe left by "ssh-agent" (hmm, > didn't know that. Shouldn't be left there I guess). > > Warning: the ECDSA host key for 'github.com' differs from the key for the > IP address '140.82.121.3' > > Offending key for IP in /home/ubuntu/.ssh/known_hosts:2 > > > I removed this entry in line 2 and it worked. So the fix is: Remove > everything from your .ssh/known_hosts which looks like remains from > ssh-agent. It might trap the github auth. > > > > > Neil Young schrieb am Freitag, 24. März 2023 um 13:28:10 UTC+1: > >> To be specific: I'm unable to execute this (and maybe many other lines as >> well) now. I can update the project with manual git command on the target >> host, but not with Ansible from my machine: >> >> - name: SOFTWARE - Clone xxx-project (run as non-privileged user) >> tags: software >> git: >> repo: "{{ xxx_procect_git_repo_clone_url }}" >> dest: xxx-project >> force: yes >> become: yes >> become_user: "{{ non_root_user }}" >> >> >> Neil Young schrieb am Freitag, 24. März 2023 um 13:20:26 UTC+1: >> >>> Hi, >>> >>> This morning I noticed this error while attempting to update a project >>> on my server via `git clone` (I'm using Ansible's ssh-agent-forwarding, >>> which worked fine for months) >>> >>> <quote> >>> >>> "Failed to download remote objects and refs: >>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >>> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ >>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! >>> Someone could be eavesdropping on you right now (man-in-the-middle >>> attack)! >>> It is also possible that a host key has just been changed. >>> The fingerprint for the RSA key sent by the remote host is >>> SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s. >>> Please contact your system administrator. >>> Add correct host key in /home/ubuntu/.ssh/known_hosts to get rid of this >>> message. >>> Offending RSA key in /home/ubuntu/.ssh/known_hosts:1 >>> remove with: >>> ssh-keygen -f \"/home/ubuntu/.ssh/known_hosts\" -R \"github.com\" >>> RSA host key for github.com has changed and you have requested strict >>> checking. >>> Host key verification failed. >>> fatal: Could not read from remote repository. >>> Please make sure you have the correct access rights >>> and the repository exists. >>> >>> </quote> >>> >>> The fix didn't solve the problem, just changed the error message: >>> >>> <quote> >>> >>> TASK [SOFTWARE - Clone xxx-project (run as non-privileged user)] >>> ******************************************************************************************************************************************************************************** >>> fatal: [server]: FAILED! => {"changed": false, "cmd": ["/usr/bin/git", >>> "fetch", "--tags", "--force", "origin"], "msg": "Failed to download remote >>> objects and refs: Host key verification failed.\r\nfatal: Could not read >>> from remote repository.\n\nPlease make sure you have the correct access >>> rights\nand the repository exists.\n"} >>> >>> </quote> >>> >>> I then discovered this blog entry which states, that Github updated >>> their RSA SSH key this morning: >>> >>> https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ >>> >>> Now, everything they suggest work somehow. But it doesn't fix the >>> problem, that I'm unable to clone my project on the target machine. >>> >>> Anybody having the same issue and maybe a solution? >>> >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/1e7ac8cd-d4b5-41e0-a314-bf048257dbe7n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/1e7ac8cd-d4b5-41e0-a314-bf048257dbe7n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALc%3DriB7qOatsL4hyMr9sqAqkmCrKmOx7ZvRPbTQiwE%3DC5Or5A%40mail.gmail.com.
