SSH key erroneously unverified automatically

Baffled by failure to push well-established repo to GitHub.
GitHub reports

ERROR: We're doing an SSH key audit.
Reason: unverified automatically (private key found in a public repository)
Please visit https://github.com/settings/keys/<a number>

My SSH and GPG keys page shows no unverified keys and I have absolutely no hint as to where such a private key exists - and I am 99% sure there is no unencrypted key in this repo.

2 Likes

I’m having this problem as well and followed the instructions provided by GH here to no avail.

My SSH settings page doesn’t show an “Approve” button for my SSH key, and my key on GH matches up with what ssh-add -l -E sha256 shows locally.

I temporarily solved the issue by deleting my key in GH, generating a new one, and adding it to GH. Unfortunately, when I tried a git command for the first time today, the issue came back.

I’m on a Mac running macOS Catalina 10.15.5.

Any help would be much appreciated!

Also experiencing the same issue

I’ve seemingly solved the issue here. Don’t know whether this was due to a mistake on my part or GitHub’s … I’m pretty sure that, on this occasion, the cause was my error even though GitHub reported the wrong error message and the wrong SSH key’s fingerprint in its error message.

I discovered my error by adding IdentitiesOnly yes to my ~/.ssh/config for Host GitHub.com

This revealed that I had mis-spelled the IdentityFile ~/.ssh/github.rsa line and the ssh key being used was not the one I intended.

So this is what I have now on my MacOS

Host *
     IdentityFile ~/.ssh/id_rsa
     UseKeychain yes
     ForwardX11 no
     AddKeysToAgent yes
     ForwardAgent yes

Host github.com
     User git
     Hostname github.com
     PreferredAuthentications publickey
     IdentityFile ~/.ssh/github.rsa
     IdentitiesOnly yes
2 Likes

You may be onto something @iainhouston.

I just had the wildcard Host entry in my ssh config. Added an explicit entry for github.com like you have and it’s working now!

1 Like

Brilliant! Glad it’s working for you.

I still think there’s a bug in that GitHub is reporting a misleading error message and the wrong fingerprint.

Will look into how to report bugs to GitHub.

@henwen I reported this issue at https://support.github.com/contact/feedback

1 Like

I only have the wildcard entry, but your answer helped me solve the problem. I stopped receiving the error when I added these config settings that I copied from your above solution:

PreferredAuthentications publickey
IdentitiesOnly yes