Since recently, my
cargo update has started throwing errors about unknown ssh host key for github.com, demanding that the ecdsa key be added to
$ cargo update Updating crates.io index error: failed to get `anyhow` as a dependency of package `electrs v0.9.13 (/home/intelfx/devel/ext/electrs)` Caused by: failed to load source for dependency `anyhow` Caused by: Unable to update registry `crates-io` Caused by: failed to fetch `https://github.com/rust-lang/crates.io-index` Caused by: error: unknown SSH host key The SSH host key for `github.com` is not known and cannot be validated. To resolve this issue, add the host key to the `net.ssh.known-hosts` array in your Cargo configuration (such as /home/intelfx/.cargo/config) or in your OpenSSH known_hosts file at /home/intelfx/.ssh/known_hosts The key to add is: github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= The ECDSA key fingerprint is: SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM This fingerprint should be validated with the server administrator that it is correct. See https://doc.rust-lang.org/stable/cargo/appendix/git-authentication.html#ssh-known-hosts for more information.
However, I have the up-to-date rsa and ed25519 keys in my known_hosts already:
$ grep github.com ~/.ssh/known_hosts github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
Even more so, if I add the ecdsa key to known_hosts manually, it will get automatically deleted by openssh client:
$ grep github.com ~/.ssh/known_hosts | grep ecdsa github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= $ ssh -oUpdateHostKeys=ask firstname.lastname@example.org The server has updated its host keys. These changes were verified by the server's existing trusted key. Deprecating obsolete hostkey: ECDSA SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM Accept updated hostkeys? (yes/no): yes PTY allocation request failed on channel 0 Hi intelfx! You've successfully authenticated, but GitHub does not provide shell access. Connection to github.com closed. $ grep github.com ~/.ssh/known_hosts | grep ecdsa $
Even weirder, only two of the three machines I use exhibit this behavior. To the best of my ability, I could not find any difference in versions or configuration between these. (On the working machine, known_hosts only has the ed25519 key.)
Any clues? Why is
cargo update demanding to use the ecdsa key?