Access Keys:
Skip to content (Access Key - 0)

Update your Known_Hosts file to access MIT GitHub Enterprise


Friday, September 23, 2016: A CRITICAL issue has been identified for all 2.x versions of GitHub Enterprise.

  • IS&T has updated our GitHub Enterprise to the latest version to address this risk.
  • At 3pm this afternoon, IS&T updated the SSH Host Keys.
  • When IS&T updates the SSH Host Keys, MIT users will see a warning of a man-in-the-middle-attack. This is expected behavior.
  • To resolve the warning, remove the entry for from your known_hosts file.
  • There might be 2 entries in the known_hosts file: one for and one for
  • The next time you make an SSH connection to your repository, verify that the host key fingerprint matches the fingerprint for our GitHub Enterprise host keys. Then accept the host key fingerprint.
  • Detailed instructions are available below.

Step one: Remove the old key from your known hosts file.

Mac OS X or Linux users

  • At a Terminal prompt, the following command will remove -R the host key fingerprint.
    ssh-keygen -R
    ssh-keygen -R

Windows users

  • Launch Notepad
  • Using Notepad, open this file:
  • Look for an entry that contains or Delete the string containing
  • Save and close the known_hosts file.

Step two: Verify that the key fingerprint matches MIT's GitHub Enterprise host key fingerprint

  • The next time that you make an SSH connection to your Git repository, you will see a prompt to verify the host key fingerprint.
  • You may see any of the following, depending on the configuration of your system. MIT's Enterprise GitHub host key fingerprints are:
1024 6a:b9:7a:75:7a:c7:4b:c2:cf:34:8e:37:4a:16:dc:b1 (DSA)

256 ac:6f:99:33:8f:9e:63:c5:4d:8f:c8:3d:b7:cd:05:b5 (ECDSA)

256 3f:9c:18:6f:be:b8:5a:bb:71:bf:be:53:c9:58:b4:13 (ED25519)

2048 03:3b:72:d6:20:6f:3e:1f:5e:2f:38:a2:80:01:f3:22  (RSA)

256 mP1vMrsRkP6l42bs0dsXejq3YgxMD2r5NqboImqssw0 (EDCSA)

2048 qtLpZn5Gd9N92Tk/9J8XoRjBh49py4/Q2xC3cV6tV2g (RSA)

Step three: Accept the new host key fingerprint

RSA key fingerprint is 03:3b:72:d6:20:6f:3e:1f:5e:2f:38:a2:80:01:f3:22.

Are you sure you want to continue connecting (yes/no)? yes
  • Hit Enter to accept.
  • Confirmation message will be displayed
    Warning: Permanently added ',' (RSA) to the list of known hosts.
  • You're done.

What will the warning message look like before I update my known_hosts file?

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:42
ECDSA host key for []:122 has changed and you have requested strict checking.
Host key verification failed.

For more information

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

October 15, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
c-github c-github Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
  1. Sep 23, 2016

    Edit: Addressed, thanks!

    These hexadecimal MD5 hashes cannot be matched against the base64 SHA-256 hashes produced by default in OpenSSH 6.8 and later:

    $ git clone
    Cloning into 'test'...
    The authenticity of host ' (' can't be established.
    ECDSA key fingerprint is SHA256:mP1vMrsRkP6l42bs0dsXejq3YgxMD2r5NqboImqssw0.
    Are you sure you want to continue connecting (yes/no)?

    Can you provide the hashes in both formats? I have

    1024 MD5:6a:b9:7a:75:7a:c7:4b:c2:cf:34:8e:37:4a:16:dc:b1 (DSA)
    1024 SHA256:pcwTyC+O0EBl9oZDmDllX5kJZXxg2yAMwuKGkt0DNCo (DSA)
    256 MD5:ac:6f:99:33:8f:9e:63:c5:4d:8f:c8:3d:b7:cd:05:b5 (ECDSA)
    256 SHA256:mP1vMrsRkP6l42bs0dsXejq3YgxMD2r5NqboImqssw0 (ECDSA)
    2048 MD5:03:3b:72:d6:20:6f:3e:1f:5e:2f:38:a2:80:01:f3:22 (RSA)
    2048 SHA256:qtLpZn5Gd9N92Tk/9J8XoRjBh49py4/Q2xC3cV6tV2g (RSA)

    (The ED25519 key does not seem to be available on the server.)

Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki