
Git Clone Not Working? SSH Host Key and HTTPS Network Fixes
李長超
1
7-3The provided text details troubleshooting steps for git clone
failures, initially encountering an SSH "REMOTE HOST IDENTIFICATION HAS CHANGED" error, indicating a host key mismatch that prevents connection due to security concerns. When attempting to switch to HTTPS for cloning, a new "Connection reset by peer" error emerges, pointing towards underlying network issues. The document explains the root causes for both problems and offers comprehensive solutions, ranging from updating SSH host keys to network diagnostics and alternative cloning methods.
SSH Host Key Mismatch: Cause and Impact
- The
git clone
command fails with a "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" and "Host key verification failed" message. - This occurs when the SSH client's stored public key for a remote host (like GitHub, in
/Users/lichangchao/.ssh/known_hosts
) does not match the key presented by the server during connection. - It serves as a security warning for potential Man-in-the-Middle attacks, though it's commonly caused by legitimate server key updates (e.g., GitHub's regular security maintenance).
- The mismatch prevents the SSH connection, leading to a "fatal: Could not read from remote repository" error.
Resolving SSH Host Key Verification Failures
- Verify New Key: Confirm the legitimacy of the new RSA key fingerprint (e.g.,
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s
) through official channels like GitHub's documentation or announcements. - Remove Old Key: Delete the conflicting entry for
github.com
from yourknown_hosts
file (e.g., line 4 in/Users/lichangchao/.ssh/known_hosts
) using a text editor or the commandssh-keygen -R github.com
. - Reconnect: After removing the old key, re-run the
git clone
command. The SSH client will prompt you to accept the new host key; confirm by typingyes
if the fingerprint has been verified.
HTTPS Cloning: Authentication & Network Challenges
- Switching Method: As an alternative to SSH, users can attempt to clone using HTTPS by changing the URL format (e.g.,
https://github.com/licc168/chat_plus.git
). - Authentication: When using HTTPS, GitHub requires a Personal Access Token (PAT) instead of your account password for authentication, as password-based authentication for Git operations was disabled in August 2021.
- New Error: Even with HTTPS, a "fatal: unable to access...Connection reset by peer" error can occur, indicating a deeper network connectivity issue rather than an authentication or key problem.
Diagnosing and Resolving Network Connection Errors
- Network Check: Begin by pinging
github.com
to confirm basic internet connectivity; corporate or school networks might explicitly block GitHub. - SSH Re-attempt (Recommended): If the network issue is not immediately resolved, it's often more robust to fix the original SSH issue by clearing the old key (
ssh-keygen -R github.com
) and retrying the SSH clone. - HTTPS Specific Solutions: For persistent HTTPS issues, adjust Git's global configurations to increase the POST buffer (
git config --global http.postBuffer 524288000
) and enable HTTP/1.1 for long connections (git config --global http.version HTTP/1.1
). - Proxy/Firewall Check: Inspect for active proxy settings (
env | grep -i proxy
) and unset them if unnecessary (unset http_proxy https_proxy
); firewalls or routers blocking GitHub's port 443 can also cause failures. - Alternative Mirror: As a last resort, consider using a mirror service like Gitee by importing the repository there and cloning from the mirror.