Need help forcing the removal of a SSH key that should not exist anymore

Support Software & Applications
1

Variant: XFCE x64

I already deleted the files related to the ssh key expecting like any sane person for that to be enough. Instead I find that not matter what I try I still get the following when I run git push on my fork of dlfcn-win32:

The authenticity of host 'github.com (20.26.156.215)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.

I already generated and “deployed” (as github puts it) the key I wanted to use, it’s the only one in the known_hosts file I found in ~/.ssh and still the broken key I started with is attempting to be used. How do I remove this infuriating key properly?

2

make sure there aren’t double-entries for github.com in ~/.ssh/known_hosts

Edit:

Or look into setting up ~/.ssh/config

3

It’s just one line, impossible for there to be double entries with that.

4

I set mine up with ~/.ssh/config which allows you to specify custom paths for each file for each server. Makes managing thing a lot simpler:

https://wiki.archlinux.org/title/OpenSSH#Configuration_2

5

I don’t understand the config stuff well enough to be fiddling with that, I just need to know how to remove the broken keys that aren’t supposed to exist. They’re not even in the ~/.ssh nor in /etc/ssh, no ~/gnugp or whatever the directory was called either.

6

Maybe I’m missing something, but you seem to be talking about using your own ssh key for identifying github, however you don’t get to choose their keys, only your own.

Their ssh key:

goes in ~/.ssh/known_hosts

and yours can be configured in ~/.ssh/config or a key agent.

2 Likes
7

that github known_host thing you mentioned was something I didn’t know about. The link on the key deployment page of the project only linked to how to setup keys for the project, not for github. Corrected in my known_hosts to the RSA one now. Just gotta redeploy my key before trying again because I removed it thinking I might have to generate yet another one.

8

When you connect with SSH to an host, you should accept its key that’s all.
From the GitHub side if you properly configured you own key it will accept you.

9

Yeah that worked for uploading to github which is one less headache for me :slight_smile: But still don’t know why the old key was popping up despite me removing the related key files

10

What old key? You’ve only shown one of Github’s fingerprint keys.

The fingerprint identifies the server, so you know that you’re connecting to the correct server, ie not some attacker’s server.

If the fingerprint isn’t listed in known_hosts then it will warn you, that’s what this is:

In some cases it will ask if you want to add the fingerprint to known-hosts and proceed.

AFAIK, current advice is that ED25519 should be preferred when possible, though I’m not sure how much it actually matters in practice.

1 Like
11

Oh, I thought rsa was preferred with what guides I found on the net. Well whatever, I assumed that ED25519 was the one I generated at the start when I had just started trying to figure out how to upload to my fork. Did I perhaps misunderstand there and it was actually the missing/incorrect github key I had during the times I tried?

1 Like
12

Yes, according what you’ve posted.

Here’s some info on choosing a key algorithm:

https://wiki.archlinux.org/title/SSH_keys#Choosing_the_authentication_key_type

13

Nice, then I’ll close the tab then. Since it seems to have been a misunderstanding on my part I’ll just mark your post as the solution to close off the thread. The other problem has been solved without me starting a thread for it so I just added a like to that one as thanks.

1 Like
14

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.