[GH-ISSUE #191] The lack of a known_hosts leads to hanging when checking authenticity of git host

kerem commented

2026-03-01 21:40:27 +03:00

Owner

Originally created by @seve on GitHub (Apr 13, 2020).
Original GitHub issue: https://github.com/nektos/act/issues/191

When running the following lines on a job I have:

steps:
      - uses: actions/checkout@v2
      - run: |
          git fetch --depth=1 origin +refs/heads/${{github.base_ref}}:refs/remotes/origin/${{github.base_ref}}

I receive the following output:

The authenticity of host 'github.com (140.82.113.3)' can't be established.
| RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.

and then the process hangs, I believe because I can't answer the prompt that follows asking if I should trust the remote.

Originally created by @seve on GitHub (Apr 13, 2020). Original GitHub issue: https://github.com/nektos/act/issues/191 When running the following lines on a job I have: ``` steps: - uses: actions/checkout@v2 - run: | git fetch --depth=1 origin +refs/heads/${{github.base_ref}}:refs/remotes/origin/${{github.base_ref}} ``` I receive the following output: ``` The authenticity of host 'github.com (140.82.113.3)' can't be established. | RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8. ``` and then the process hangs, I believe because I can't answer the prompt that follows asking if I should trust the remote.

kerem

2026-03-01 21:40:27 +03:00

closed this issue
added the
area/action

kind/bug

meta/resolved
labels

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@seve commented on GitHub (Apr 13, 2020):

Is there a way of copying a known_hosts file to the container?

@seve commented on GitHub (Apr 13, 2020): Is there a way of copying a known_hosts file to the container?

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@Scotchester commented on GitHub (Apr 17, 2020):

I'm running into this, as well. It's mystifying to me that the base actions/checkout@v2 step works, but subsequent manual fetches do not.

@Scotchester commented on GitHub (Apr 17, 2020): I'm running into this, as well. It's mystifying to me that the base `actions/checkout@v2` step works, but subsequent manual fetches do not.

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@seve commented on GitHub (Apr 17, 2020):

@Scotchester I believe its due to checkout having a fallback curl retrieval when git either isn't present or not working (https://github.com/actions/checkout/pull/104)

@seve commented on GitHub (Apr 17, 2020): @Scotchester I believe its due to checkout having a fallback curl retrieval when git either isn't present or not working (https://github.com/actions/checkout/pull/104)

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Jun 17, 2020):

Issue is stale and will be closed in 7 days unless there is new activity

@github-actions[bot] commented on GitHub (Jun 17, 2020): Issue is stale and will be closed in 7 days unless there is new activity

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Aug 17, 2020):

Issue is stale and will be closed in 7 days unless there is new activity

@github-actions[bot] commented on GitHub (Aug 17, 2020): Issue is stale and will be closed in 7 days unless there is new activity

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@karlloic commented on GitHub (Aug 23, 2020):

Facing the same issue

@karlloic commented on GitHub (Aug 23, 2020): Facing the same issue

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@DarrellRichards commented on GitHub (Sep 20, 2020):

Also facing the same issue with a GitHub action that runs a git fetch command

@DarrellRichards commented on GitHub (Sep 20, 2020): Also facing the same issue with a GitHub action that runs a `git fetch` command

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@RDeluxe commented on GitHub (Nov 9, 2020):

Facing the same issue, while trying to run a git fetch command

@RDeluxe commented on GitHub (Nov 9, 2020): Facing the same issue, while trying to run a `git fetch` command

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@cmawhorter commented on GitHub (Nov 24, 2020):

outside of gh actions this solves the issue: mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

but when i put that as a run statement in my workflow it doesn't work. i'm a noob to gh actions/workflows so not sure what's going on. not sure if it's a GH issue or an act issue or what.

Edit: it seems it's an act issue. the comment from the pr above mentions it.

i was able to bypass the issue sorta. it may work for cloning a repo but i'm still running into issues installing gh npm packages.

env:
  GIT_SSH_COMMAND: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

as for gh packages, i'm at a dead end here. it gets beyond the error OP mentions but always gives a permission denied error for some reason. is it possible to override the secrets.GITHUB_TOKEN?

@cmawhorter commented on GitHub (Nov 24, 2020): outside of gh actions this solves the issue: `mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts` but when i put that as a `run` statement in my workflow it doesn't work. i'm a noob to gh actions/workflows so not sure what's going on. not sure if it's a GH issue or an act issue or what. Edit: it seems it's an act issue. the [comment](https://github.com/softrams/bulwark/pull/293#issuecomment-695472698) from the pr above mentions it. i was able to bypass the issue sorta. it may work for cloning a repo but i'm still running into issues installing gh npm packages. ``` env: GIT_SSH_COMMAND: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ``` as for gh packages, i'm at a dead end [here](https://github.com/actions/setup-node/issues/87#issuecomment-600437462). it gets beyond the error OP mentions but always gives a permission denied error for some reason. is it possible to override the secrets.GITHUB_TOKEN?

kerem commented

2026-03-01 21:40:28 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Jan 16, 2021):

Issue is stale and will be closed in 14 days unless there is new activity

@github-actions[bot] commented on GitHub (Jan 16, 2021): Issue is stale and will be closed in 14 days unless there is new activity

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@caylahamann commented on GitHub (Jan 27, 2021):

Running into this issue while trying to create a PR from a github action.

@caylahamann commented on GitHub (Jan 27, 2021): Running into this issue while trying to create a PR from a github action.

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@LamarrD commented on GitHub (Feb 17, 2021):

Running into the same issue, "The authenticity of host 'github.com (140.82.113.4)' can't be established" followed by hanging. In my case trying to use the Path FIlter action, going to try a similar route as @cmawhorter unless someone has a better solution

@LamarrD commented on GitHub (Feb 17, 2021): Running into the same issue, "The authenticity of host 'github.com (140.82.113.4)' can't be established" followed by hanging. In my case trying to use the [Path FIlter]( https://github.com/dorny/paths-filter ) action, going to try a similar route as @cmawhorter unless someone has a better solution

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@dannystaple commented on GitHub (Mar 17, 2021):

This is still a problem - how do you interact with the remote here?

@dannystaple commented on GitHub (Mar 17, 2021): This is still a problem - how do you interact with the remote here?

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@jsoref commented on GitHub (Apr 4, 2021):

Does this not work? github.com/actions/checkout@c952173edf/action.yml (L37-L41)

@jsoref commented on GitHub (Apr 4, 2021): Does this not work? https://github.com/actions/checkout/blob/c952173edf28a2bd22e1a4926590c1ac39630461/action.yml#L37-L41

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (May 5, 2021):

Issue is stale and will be closed in 14 days unless there is new activity

@github-actions[bot] commented on GitHub (May 5, 2021): Issue is stale and will be closed in 14 days unless there is new activity

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@seve commented on GitHub (May 27, 2021):

bump

@seve commented on GitHub (May 27, 2021): bump

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@jsoref commented on GitHub (May 27, 2021):

The main difference between act and GitHub has to do with how ssh sees the system.

- run:  if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi

On GitHub:

Run if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi
  if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi
  shell: /usr/bin/bash -e {0}
not a terminal

In Act:

[debug ssh/test] ⭐  Run if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi
| terminal

You can emulate this behavior by doing:

+    - run: rm /dev/tty

@jsoref commented on GitHub (May 27, 2021): The main difference between `act` and GitHub has to do with how ssh sees the system. ``` - run: if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi ``` On GitHub: ``` Run if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi shell: /usr/bin/bash -e {0} not a terminal ``` In Act: ``` [debug ssh/test] ⭐ Run if [ -t 1 ] ; then echo terminal; else echo "not a terminal"; fi | terminal ``` You can emulate this behavior by doing: ``` + - run: rm /dev/tty ```

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@jsoref commented on GitHub (May 28, 2021):

For reference, this problem isn't limited to act.

I'm running a https://github.com/evryfs/github-actions-runner runner in docker (i.e. "self-hosted")

+ ./config.sh --unattended --replace --url https://github.com/GarnerBuild/dummy --token $TOKEN

--------------------------------------------------------------------------------
|        ____ _ _   _   _       _          _        _   _                      |
|       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
|      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
|      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
|       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
|                                                                              |
|                       Self-hosted runner registration                        |
|                                                                              |
--------------------------------------------------------------------------------

# Authentication


√ Connected to GitHub

# Runner Registration



√ Runner successfully added
√ Runner connection is good

# Runner settings


√ Settings Saved.

+ exec ./run.sh ''

√ Connected to GitHub

2021-05-28 19:18:31Z: Listening for Jobs
2021-05-28 19:56:25Z: Runner connect error: The HTTP request timed out after 00:01:00.. Retrying until reconnected.
2021-05-28 19:57:42Z: Runner reconnected.
2021-05-28 20:14:55Z: Running job: test
The authenticity of host 'gitlab.com (172.65.251.78)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

And my job has been sitting running for:

40m 18s (and counting)

@jsoref commented on GitHub (May 28, 2021): For reference, this problem isn't limited to `act`. I'm running a https://github.com/evryfs/github-actions-runner runner in docker (i.e. "self-hosted") ```sh + ./config.sh --unattended --replace --url https://github.com/GarnerBuild/dummy --token $TOKEN -------------------------------------------------------------------------------- | ____ _ _ _ _ _ _ _ _ | | / ___(_) |_| | | |_ _| |__ / \ ___| |_(_) ___ _ __ ___ | | | | _| | __| |_| | | | | '_ \ / _ \ / __| __| |/ _ \| '_ \/ __| | | | |_| | | |_| _ | |_| | |_) | / ___ \ (__| |_| | (_) | | | \__ \ | | \____|_|\__|_| |_|\__,_|_.__/ /_/ \_\___|\__|_|\___/|_| |_|___/ | | | | Self-hosted runner registration | | | -------------------------------------------------------------------------------- # Authentication √ Connected to GitHub # Runner Registration √ Runner successfully added √ Runner connection is good # Runner settings √ Settings Saved. + exec ./run.sh '' √ Connected to GitHub 2021-05-28 19:18:31Z: Listening for Jobs 2021-05-28 19:56:25Z: Runner connect error: The HTTP request timed out after 00:01:00.. Retrying until reconnected. 2021-05-28 19:57:42Z: Runner reconnected. 2021-05-28 20:14:55Z: Running job: test The authenticity of host 'gitlab.com (172.65.251.78)' can't be established. ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw. Are you sure you want to continue connecting (yes/no/[fingerprint])? ``` And my job has been sitting running for: ![image](https://user-images.githubusercontent.com/2119212/120040945-7661eb00-bfd5-11eb-8d62-404766caa676.png) 40m 18s (and counting)

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@catthehacker commented on GitHub (May 28, 2021):

In Docker, TTY is always allocated

@catthehacker commented on GitHub (May 28, 2021): In Docker, TTY is always allocated

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@sveneh commented on GitHub (Jun 15, 2021):

Why is this closed? This is still a problem with the latest act version. Anyone knows a workaround?

@sveneh commented on GitHub (Jun 15, 2021): Why is this closed? This is still a problem with the latest act version. Anyone knows a workaround?

kerem commented

2026-03-01 21:40:29 +03:00

Author

Owner

@catthehacker commented on GitHub (Jun 15, 2021):

add this to workflow or use docker image that already does that (e.g. catthehacker/ubuntu:act-latest)

mkdir -m 0700 -p ~/.ssh && ssh-keyscan github.com | tee -a ~/.ssh/known_hosts

@catthehacker commented on GitHub (Jun 15, 2021): add this to workflow or use docker image that already does that (e.g. `catthehacker/ubuntu:act-latest`) ```sh mkdir -m 0700 -p ~/.ssh && ssh-keyscan github.com | tee -a ~/.ssh/known_hosts ```

kerem referenced this issue

2026-03-01 21:50:51 +03:00

[PR #130] [MERGED] fix #128: guard against empty actionName when 'uses: ./' #1360

Rows
Columns

[GH-ISSUE #191] The lack of a known_hosts leads to hanging when checking authenticity of git host #129