Unable to update a private registry due to SSH host verification on v1.6-beta1

[nickrobinson251]

(@v1.6) pkg> registry up
    Updating registry at `~/.julia/registries/General`
    Updating registry at `~/.julia/registries/PackageRegistry`
    Updating git-repo `git@gitlab.invenia.ca:invenia/PackageRegistry`
SSH host verification: the identity of the server `gitlab.invenia.ca` does not match its known hosts record. Someone could be trying to man-in-the-middle your connection. It is also possible that the server has changed its key, in which case you should check with the server administrator and if they confirm that the key has been changed, update your known hosts file.
┌ Warning: Some registries failed to update:
│     — /Users/nick/.julia/registries/PackageRegistry — failed to fetch from repo
└ @ Pkg.Types /Users/julia/src/julia/usr/share/julia/stdlib/v1.6/Pkg/src/Types.jl:1183

julia> versioninfo()
Julia Version 1.6.0-beta1
Commit b84990e1ac (2021-01-08 12:42 UTC)
Platform Info:
  OS: macOS (x86_64-apple-darwin19.6.0)
  CPU: Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-11.0.0 (ORCJIT, skylake)

i tried deleting the gitlab.invenia.ca entry from my ~/.ssh/known_hosts file, and removed this registry, then did

nick@nickwork ~/.j/registries> git clone git@gitlab.invenia.ca:invenia/PackageRegistry.git
Cloning into 'PackageRegistry'...
The authenticity of host 'gitlab.invenia.ca (54.204.245.62)' can't be established.
ECDSA key fingerprint is SHA256:9oGrB5kNOFwCJNTGv5oAZoPLfpseLFMKruHuk3MsWc8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.invenia.ca,54.204.245.62' (ECDSA) to the list of known hosts.

but i still see the same issue.

The relevant line in the known_hosts file is

gitlab.invenia.ca,54.204.245.62 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAa7BE2JdARswKmt78V0rrQOj0dVWDISAWkrsI3y/lmfHlHea96IQ0VdjPzpmAs9JO4YnjI+bc9tgAsycy9/j4g=

The gitlab server does not have a static IP address. (The IP changes frequently. It's behind an AWS load balancer.)

[StefanKarpinski]

Can you try manually editing that line in the known hosts file and deleting the trailing IP address?

[nickrobinson251]

No luck.

In each case, i'm deleting the registry from .julia/registries/, then re-cloning it, then running

$ julia-1.6 -e 'using Pkg; Pkg.update()'

I tried deleting the IP address from portion (,54.204.245.62) from that line in the known_host file.

I also tried with editing my .ssh/config to have either

Host gitlab.invenia.ca
  HostKeyAlias gitlabserver

or

Host gitlab.invenia.ca
  CheckHostIP no
  StrictHostKeyChecking no

(following @fredrikekre suggestions on Slack)

p.s. sorry for raising this in multiple places. I thought i'd move it to an issue here in case other people hit the same thing. And thanks a lot for your help!

[nickrobinson251]

Okay, i think i fixed it. I tried removing the .ssh/known_hosts file and that gave me a different warning

nick@nickwork ~/.j/registries> julia-1.6 -e 'using Pkg; Pkg.update()'
    Updating registry at `~/.julia/registries/General`
    Updating registry at `~/.julia/registries/Invenia`
    Updating git-repo `git@gitlab.invenia.ca:invenia/PackageRegistry.git`
SSH host verification: the server `gitlab.invenia.ca` is not a known host. Please run `ssh-keyscan gitlab.invenia.ca >> /Users/nick/.ssh/known_hosts` in order to add the server to your known hosts file and then try again.
┌ Warning: Some registries failed to update:
│     — /Users/nick/.julia/registries/Invenia — failed to fetch from repo
└ @ Pkg.Types /Users/julia/src/julia/usr/share/julia/stdlib/v1.6/Pkg/src/Types.jl:1183
No Changes to `~/.julia/environments/v1.6/Project.toml`
No Changes to `~/.julia/environments/v1.6/Manifest.toml`

After adding the known_host file back and running ssh-keyscan gitlab.invenia.ca >> /Users/nick/.ssh/known_hosts I no longer see the warning in Julia.

Thanks a lot for your help!

[iamed2]

I think the behaviour described in the second part of the top post is still a bug: #2334

[dmoored4]

I was still having this issue. I don't know what the full implications are, but basically if I use https://gitlab.<company>.com/.../<package name>.git instead of the git@gitlab.<company>.com:../<project name>.git then things work. I had one package that was "https" and the other that was "git@gitlab" and I kept getting the man-in-the-middle error when i tried to add that package. I did not have success trying the other various suggestions associated with this and other threads, but I may have been doing it wrong. What eventually worked, but I wouldn't want to do again, is I went to the Registry's repo and changed the URL in the packages Package.toml directly to be the "https" URL. I then removed the registry from my machine and added it again. I was then successful in adding both packages with no MITM or other type errors or warnings.

I think as long as I make sure the packages are registered with the correct URL in the first place this won't be an issue. Not sure if this sheds any light or helps anybody else, but just thought I'd throw it out there if it does. Thanks!