Composer failing due to incorrect GitHub fingerprint

I’ve got a number of Trellis/Bedrock/Sage sites that have been working fine for several years, but now I’m getting a composer error when I deploy:

The fingerprint for the ED25519 key sent by the remote
host is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU. Please contact
your system administrator. Add correct host key in /home/web/.ssh/known_hosts
to get rid of this message. Offending RSA key in /home/web/.ssh/known_hosts:1

The key it’s complaining about is the GitHub key added by Trellis. I can remove it on the server, but then re-deploying adds it back. It looks like Trellis is adding an RSA fingerprint to known_hosts and GitHub is responding with an Ed25519 fingerprint, so possibly that’s the issue?

Trellis can clone the site repo from GitHub OK; it’s failing at ‘Install Composer dependencies’, when trying to clone plugins from GitHub.

This is affecting multiple projects, so I suspect the issue comes from my local machine. The only GitHub change that I’ve made recently is to try git-credential-manager-core (now uninstalled).

I’ve gone through all the related posts I can find and have tried various things, including clearing GitHub entries from local known_hosts, server known_hosts, clearing composer caches, etc., but to no avail. Any ideas gratefully received.
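One way to test the hypothesis in the question above (an RSA entry pinned in known_hosts while the remote offers an ED25519 key), as an added example that is not part of the original post or of Trellis. The function names and the sample RSA entry are constructed for illustration; only the offered fingerprint is taken from the error message.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(b64_blob):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field; no wildcard, negation or [host]:port handling."""
    if field.startswith("|1|"):  # HashKnownHosts form: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def pinned_keys(text, host):
    """Return [(line_no, key_type, fingerprint)] for entries that name host."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            found.append((n, fields[1], fingerprint(fields[2])))
    return found

def diagnose(text, host, offered_type, offered_fp):
    """Classify why the offered host key does or does not verify."""
    entries = pinned_keys(text, host)
    same_type = [e for e in entries if e[1] == offered_type]
    if any(e[2] == offered_fp for e in same_type):
        return "match", same_type
    if same_type:
        return "fingerprint-mismatch", same_type
    return ("type-mismatch" if entries else "unknown-host"), entries

def make_blob(key_type, *parts):
    """Constructed sample key blob (length-prefixed fields); not a real host key."""
    fields = (key_type.encode(),) + parts
    return base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in fields)).decode()

# Constructed known_hosts with one RSA entry on line 1, as in the error above.
SAMPLE = "github.com ssh-rsa " + make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xab" * 256) + "\n"
OFFERED_FP = "SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU"  # from the error message
print(diagnose(SAMPLE, "github.com", "ssh-ed25519", OFFERED_FP))
```

A "type-mismatch" result means no key of the offered type is pinned at all, whereas "fingerprint-mismatch" means a pinned key of that type differs from the one offered, and that case should be checked against the fingerprints GitHub publishes before the entry is replaced.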

I had the same problem last week, but only on projects with a private repo defined in repositories.

I think the problem started after updating my GitHub personal access token to the new format.

I fixed it by logging in to the remote server with ssh with the web user and running composer install from one of the failed deploy release folders. It will prompt a GitHub message that you need to enter a personal access token for composer.

Follow these instructions (or copy your local token from your global composer config) and enter the token; the error will be gone on the next deploy!

1 Like

Brilliant - thank you very much for quick reply.

Just to confirm that this fixed the issue. Thank you very much for your help.

1 Like

Would it be possible to set the credentials in a config file?
So this prompt won’t appear again?

The token will be set in the global composer file (/home/composer/config.json), but I don’t know if this can be automated or if the local config token can be copied over to the remote config.

You can configure Trellis to generate an auth.json for you on deploy; see “Gitlab private repo as composer package - #13 by alwaysblank”. Composer will check this file for a GitHub oauth token, which should do the trick: “Authentication for privately hosted packages and repositories - Composer”.

3 Likes

Nice one, will start using this on my projects from now on!
