UnknownHostKey Exception in Accessing GitHub Securely

Question

I'm using jgit to access a repository in GitHub securely. I did the following to generate keys for secure communication between GitHub and my client code.

1. Generated the key pair:

   ssh-keygen -t rsa
   

2. Added the public key to GitHub account with Account Settings -> SSH keys -> add SSH key

3. Added the private key generated in step 1 to the local host with:

   ssh-add id_rsa
   

After doing this, when I try to access GitHub and make a clone, I still get the following error:

org.eclipse.jgit.api.errors.TransportException: [email protected]:test/test_repo.git: UnknownHostKey: github.com. RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)

This is the code that I used:

    String localPath, remotePath;
    Repository localRepo;
    Git git;

    localPath = <path_to_local_repository>;
    remotePath = "[email protected]:test/test_repo.git";

    try {
        localRepo = new FileRepository(localPath + "/.git");
    } catch (IOException e) {
        e.printStackTrace();
    }
    git = new Git(localRepo);

    CloneCommand cloneCmd =  git.cloneRepository().
                setURI(remotePath).
                setDirectory(new File(localPath));
        try {
            cloneCmd.call();
        } catch (GitAPIException e) {
            log.error("git clone operation failed");
            e.printStackTrace();
        }

Kindly let me know the issue here and what should I do to rectify it.

Thanks.

Answer 1

As this thread is first result to :

com.jcraft.jsch.JSchException: UnknownHostKey: gitservername. RSA key fingerprint"

and the only answer, if the problem persists, is to disable StrictHostKeyChecking, which is not acceptable for security purposes.

If the problem persists, you should have a look to this answer from another thread :

https://stackoverflow.com/a/44777270/13184312

What solved the persisting problem is :

ssh-keyscan -H -t rsa gitservername >> ~/.ssh/known_hosts

Answer 2

It happens because you have no entry for github in ~/.ssh/known_hosts, and JSch used in jgit defaults to rejecting session in this case. Refer to this question for solutions: com.jcraft.jsch.JSchException: UnknownHostKey

To set the ssh session property, you need to create a session factory for jgit:

SshSessionFactory.setInstance(new JschConfigSessionFactory() {
  public void configure(Host hc, Session session) {
    session.setConfig("StrictHostKeyChecking", "no");
  }
})

or add StrictHostKeyChecking=no to ~/.ssh/config