Updating GitHub SSH key

General
1

On Friday GitHub had to rotate their public SSH key.

As a result, all Buildkite builds now fail on git pull.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /c/Users/Bamboo/.ssh/known_hosts to get rid of this message.
Offending RSA key in /c/Users/Bamboo/.ssh/known_hosts:4
RSA host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

How do I go about updating my Buildkite agents to use the new key? The limits of my Buildkite experience are restarting existing builds via the UI, and editing .yml configuration files.

2

Hello @Marcus!

Thanks for reaching out :wave:

With GitHub’s change to their RSA SSH key - any agent that had an existing SSH key created for actioning git workflow commands will need to have their key updated.

Since you mentioned the experience being honed to builds/.ymls, it’ll be more a question on setting it up!

3

Thanks - I did this to fix my issues:

  • connected to the EC2 instance running the Buildkite agents
  • deleted the old GitHub SSH key entries from the C:\Users\Bamboo\.ssh\known_hosts file,
  • then ran ssh git@github.com command to add the new SSH keys to the list of known hosts, after verifying the new keys match those published by GitHub.
4

No worries @Marcus - looks exactly like the process to have done!

Please let us know if any other questions arise :+1: