All of the other answers introduce security risks.
This error appears because you have a record in your known_hosts file which says that the server should have a particular ssh key. But when you try to connect, the server has sent a different ssh key which does not match the one in your known_hosts file. Your particular error message says:
Offending ECDSA key in /root/.ssh/known_hosts:1
This means that the first line in the known_hosts file is different to what the remote server is sending.
The secure way to fix the issue is as follows:
- Find out what the correct key fingerprint should be from a trustworthy source. e.g. Here you can find the correct fingerprints for GitHub and GitLab. (If your organisation self-hosts GitLab, you will need to talk to your administrator to get the ssh key fingerprints.)
- CHECK that the existing fingerprint in your known_hosts file is correct.
You can run ssh-keygen -lf ~/.ssh/known_hosts (or /root/.ssh/known_hosts in your case) to generate SHA256 fingerprints from your known_hosts file. Your error message says that the problem is with the first key. Find the equivalent SHA256 fingerprint on GitHub or GitLab and check if it matches exactly.
e.g. Here is the output of the above command:
256 SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw gitlab.com (ECDSA)
and here is the ECDSA SHA256 fingerprint from the GitLab website:
HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw
- If the existing fingerprint from known_hosts matches the official fingerprint from the GitHub or GitLab website, then ssh has detected a Man in the Middle (MitM) attack. STOP. Do not connect to the server. Try connecting from a different internet connection. Talk to your administrator.
- If the existing fingerprint in known_hosts does not match the official fingerprint, then either you were under a MitM attack previously, or the server hosting GitLab has changed its ssh keys. You can delete the fingerprint from your known_hosts file. (Note: Only delete the specific fingerprint which is causing trouble.) Next time you connect to GitLab, you will be prompted to add the new fingerprint to the known_hosts file.
The authenticity of host 'gitlab.com (172.65.251.78)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Double-check that the fingerprint matches what is shown on the GitHub or GitLab website, then type yes or no accordingly.
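
An added example, not part of the original answer: it computes the SHA256 fingerprint of the known_hosts line named in the error the same way ssh-keygen -lf does (unpadded base64 of the SHA-256 of the decoded key blob) and applies the match / no-match decision from the steps above. The function names, host names and key bytes are assumptions constructed for illustration; the "official" fingerprint must still come from a trustworthy source.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(entry):
    """SHA256 fingerprint of one known_hosts line, in ssh-keygen -lf form."""
    fields = entry.split()
    if fields[0].startswith("@"):           # @cert-authority / @revoked marker
        fields = fields[1:]
    key_blob = base64.b64decode(fields[2])  # fields: hosts, key type, key
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def triage(known_hosts_text, offending_line, official_fp):
    """Decide what to do with the line number reported in the ssh error."""
    entry = known_hosts_text.splitlines()[offending_line - 1]
    official = official_fp.strip()
    if not official.startswith("SHA256:"):  # websites often omit the prefix
        official = "SHA256:" + official
    if sha256_fingerprint(entry) == official:
        return "stop"         # stored key is genuine; server sent another key
    return "remove-line"      # stored entry is wrong or outdated; delete only it


def constructed_blob(fill):
    """Dummy bytes laid out like an ECDSA public key blob (not a real key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    point = b"\x04" + bytes([fill]) * 64
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(point))
    return base64.b64encode(blob).decode()


# Constructed sample data: hypothetical hosts with dummy keys.
SAMPLE_KNOWN_HOSTS = (
    "git.example.test ecdsa-sha2-nistp256 " + constructed_blob(0x11) + "\n"
    "other.example.test ecdsa-sha2-nistp256 " + constructed_blob(0x22) + "\n"
)
# Stands in for a fingerprint published by the hosting provider.
OFFICIAL_FP = sha256_fingerprint("h ecdsa-sha2-nistp256 " + constructed_blob(0x33))

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_KNOWN_HOSTS.splitlines()[0]))
    print(triage(SAMPLE_KNOWN_HOSTS, 1, OFFICIAL_FP))
```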