为什么 git 忽略了我在 /etc/ssh/ssh_known_hosts 中的 SSH 密钥?

Why is git ignoring my SSH Key in /etc/ssh/ssh_known_hosts?

我已将 github.com SSH 密钥添加到 /etc/ssh/ssh_known_hosts。但是当我 运行

git clone git@github.com:me/repo

我仍然得到

Cloning into 'repo'...
The authenticity of host 'github.com (XXX.XXX.XXX.XXX)' can't be established.
RSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
Are you sure you want to continue connecting (yes/no)?

如何强制 git 使用 /etc/ssh/ssh_known_hosts

编辑 1:

这是文件 /etc/ssh/ssh_config~/.ssh/config 不存在):

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

这是我的 /etc/ssh/ssh_known_hosts:

# HEADER: This file was autogenerated at 2020-12-31 10:33:06 +0000
# HEADER: by puppet.  While it can still be managed manually, it
# HEADER: is definitely not recommended.
gerrit.wikimedia.org ssh-rsa AAAAB3Nz[...]
github ssh-rsa AAAAB3NzAAAAB3Nz[...]

编辑 2:

所有人都对 /etc/ssh/ssh_known_hosts:

具有读取权限
vagrant@vagrant:~$ ls -la /etc/ssh/ssh_known_hosts 
-rw-r--r-- 1 root root 795 Dec 31 10:33 /etc/ssh/ssh_known_hosts

这绝对是 SSH 问题。 SSH(1) 手册页指出:

ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with. Host keys are stored in ~/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts.

您的问题可能是未提升权限的用户无法读取 /etc/ssh/ssh_known_hosts 文件。

ssh 有一个警告,如果您 运行 类似 sudo ssh-keygen -R domain.com 的东西,它可以修改您现有的 /etc/ssh/ssh_known_hosts/ 文件,使其只能由 root 读取。 (-rw------- root root)。您可能想使用 chownchmod 更改此文件的权限,以确保它在没有 root 权限的情况下也可读。

sudo chmod +r /etc/ssh/ssh_known_hosts

您的已知主机文件格式不正确。每行的第一个条目是您要连接的系统的名称。在这种情况下,它需要是 github.com,而不是普通的 github。这是 OpenSSH 用于查找适当密钥的技术。

您可以使用ssh-keyscan github.com找到正确的格式。