The `git/checkout` step now always hits "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

As of this morning, because of a GitHub incident that prompted them to update their RSA host key (details at We updated our RSA SSH host key | The GitHub Blog), all of our circle builds that use the git/checkout step are now failing with the warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The “Setup SSH Access” step run as part of that process echoes host keys into .ssh/known_hosts.

And that public host key is no longer correct. I see no trivial workaround implementable from our end, and all of our builds are just dead. Can we get a status page or something, and a quick update to the definition of that circle step?

Ah, I misunderstood where that command was coming from - it looks like we’re using mavenlink/git. Perhaps that’s not as widely used… I’ll just look into switching

All our builds are failing with this as well. Does CircleCI need to update their machine to address this?

It looks like the mavenlink/git orb needs an update. I’ve got a workaround in our system set up by in-housing the contents of that orb (from here) and then updating the host-key for github.


I put up a PR there: update the github RSA host key by nevinera · Pull Request #18 · mavenlink/orbs · GitHub

But that orb is developed… rarely. So you might want to just in-house the thing too.

@nevinera / @danqa I apologize for the inconvenience here… the mavenlink/orbs repo was intended mostly for internal uses within our org. We are going to archive the repo as-is (without a fix) and switch to a private orb for our purposes.

In-lining the code from the orb into your circleci configuration is a quick option going forward if you are unable to find another orb with similar features as this one.

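An added example (not code from this thread or from the mavenlink/git orb): a Python check that finds pinned `known_hosts` entries, like the ones a CI setup step echoes in, whose fingerprint no longer matches a trusted value. The key blobs and `TRUSTED_FP` are constructed placeholders; the real fingerprint is assumed to come from the host's published fingerprints, not from the connection being checked.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_known_hosts(text, host, key_type, trusted_fp):
    """Return (kept, stale): lines to keep, and pinned entries for
    host/key_type whose fingerprint differs from trusted_fp."""
    kept, stale = [], []
    for line in text.splitlines():
        fields = line.split()
        # Leave comments, blanks, @cert-authority/@revoked markers and
        # hashed host names (|1|...) untouched: they cannot be matched by name.
        if len(fields) < 3 or fields[0][0] in "#@|":
            kept.append(line)
            continue
        names, ktype, blob = fields[0].split(","), fields[1], fields[2]
        if host in names and ktype == key_type and fingerprint(blob) != trusted_fp:
            stale.append(line)
        else:
            kept.append(line)
    return kept, stale

def _blob(key_type, body):
    # Constructed stand-in for a key blob; not a real host key.
    name = key_type.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + body).decode()

OLD_RSA = _blob("ssh-rsa", b"constructed-old-key")
NEW_RSA = _blob("ssh-rsa", b"constructed-new-key")
ED25519 = _blob("ssh-ed25519", b"constructed-ed25519-key")
TRUSTED_FP = fingerprint(NEW_RSA)  # in practice: the fingerprint the host publishes

SAMPLE = "\n".join([
    "# written by a CI setup step (constructed sample)",
    f"github.com ssh-rsa {OLD_RSA}",
    f"github.com ssh-ed25519 {ED25519}",
    f"bitbucket.org ssh-rsa {OLD_RSA}",
])

if __name__ == "__main__":
    kept, stale = audit_known_hosts(SAMPLE, "github.com", "ssh-rsa", TRUSTED_FP)
    print("stale entries to replace:", stale)
    print("\n".join(kept))
```

Only the entry for the named host and key type is flagged, so other hosts and the host's other key types stay pinned as they were.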