Authenticity host github.com (140.82.xxx.x) can't be established - RSA key fingerprint is SHA256:nThbgh78...Are you sure you want to continue?

Question

Using Windows 10 Dell System Computer.

I want to be able from local repo send push files into my new GitHub repository.

It does not allow me to use the https protocol for it continues to prompt me to continue connection to a RSA key fingerprint which I do not recognize.
I have generated a new key. I need to know or where is that inventory of RSA key fingerprint located in my file system.

I have:

• created a local directory file , as well as a new repository at GitHub.
• followed the instructions to push an existing repository from the command line.
• entered "git push -u origin main" to my new GitHub repository.

At the command line:

The authenticity of host 'github.com (140.82.XXx.x)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? no
Host key verification failed.
fatal: Could not read from remote repository.

SOLUTION ???

1. I am thinking that I need to find the location for RSA key fingerprint to determine how many keys do I have. How do I do that? This action will delete the one at display.
2. Don't know where to locate that RSA key fingerprint - is it local or remotely?
3. I have used Git Bash and generated a new key, which is currently in my GitHub profile ssh key location.

Answer 1

A prompt like the one described in the question means that GitHub.com isn't in your known hosts.

If you simply answer 'y' when prompted (as this answer suggests), you're trusting (without checking) that the RSA fingerprint that you're being prompted with matches GitHub.com's RSA fingerprint i.e. that you are really connecting to GitHub.com.

The purpose of this prompt is to give you a chance to verify that the RSA fingerprint that you're presented with really does match, so that you can be sure that you really are connecting to GitHub.com. So for optimal security, you should actually check, rather than just entering 'y' at the prompt without checking.

Here's how to check and ensure that the RSA fingerprint matches:

1. Check GitHub.com's RSA fingerprint (as of this writing it can be found in the docs here https://docs.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints but I found this just by Googling "get github current rsa fingerprint" so if the link changes in the future one should be able to just do a search to find it).
2. Copy GitHub.com's RSA fingerprint that you found in step 1, and paste it into your command line in response to the Are you sure you want to continue connecting (yes/no/[fingerprint])? prompt. This will cause the connection to continue only if the RSA fingerprint you pasted in (i.e. GitHub's RSA fingerprint) matches the RSA fingerprint of the host to which you are trying to connect, thus ensuring that you are really connecting to GitHub.

Note that instead of pasting in the fingerprint you could also manually compare the fingerprints and enter 'y' at the prompt if they match, but this is more prone to human error.

Answer 2

It does not allow me to use the https protocol for it continues to prompt me to continue connection to a RSA key fingerprint which I do not recognize.

If it does prompt you for an RSA key fingerprint, then you are not using HTTPS anyway. You are using an SSH URL.

Simply answer 'y' the first time you see this question: that will create/update a %USERPROFILE%\.ssh\known_hosts file.