Resolving 'Server Host Key Not Cached' Error in Git: SSH Trust Mechanisms and Windows Configuration

When pushing code with Git, developers may encounter a common security warning: "server host key not cached." This error typically occurs during the initial connection to a remote Git server when the SSH client cannot find the server's host key record locally. This article delves into the root causes of this issue and provides multiple solutions, with particular attention to configuration details in Windows environments.

SSH Host Key Verification Mechanism

The SSH protocol ensures connection security through host key verification. When a client first connects to a server, the server sends its public key fingerprint. The client must verify that this fingerprint matches expectations before storing it locally (usually in the ~/.ssh/known_hosts file). If the key is not cached, the SSH client refuses the connection to prevent man-in-the-middle attacks.

Primary Solution: Manual Trust Establishment

According to best practices, the most direct solution is to manually establish an SSH connection. Execute the following in Git Bash or command line:

ssh user@hostname

The system will display a prompt similar to:

The authenticity of host 'hostname (IP address)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?

After confirming that the fingerprint matches the server's official fingerprint, type yes. SSH will automatically add the key to the known_hosts file, after which Git operations can proceed normally.

Windows-Specific Environment Issues

In Windows systems, particularly when using PuTTY as the SSH client, path configuration issues may arise. As reported by users:

Could not create directory '/c//%HOMEDRIVE%%HOMEPATH%/.ssh'.
percent_expand: unknown key %H

This indicates that the HOME environment variable is set to Windows format (%HOMEDRIVE%%HOMEPATH%), while SSH expects Unix-style paths. Solutions include:

• Check environment variables: Run set | grep -i ssh in Git Bash to view relevant settings
• Clear conflicting variables: If GIT_SSH points to PuTTY's plink.exe, try unset GIT_SSH
• Correct HOME variable: Ensure HOME uses the proper path format (e.g., /C/Users/username)

Alternative Approach Using PuTTY/plink

For environments configured with PuTTY, host keys can be cached using the plink.exe tool:

> plink.exe hostname

The program will prompt whether to store the key in PuTTY's cache; enter y to confirm. Note that PuTTY stores keys in a different location than OpenSSH, which may cause Git to still not recognize cached keys.

Security Considerations

When adding host keys, always verify the authenticity of the fingerprint. Below are official fingerprints for some common Git services (refer to the latest documentation for updates):

• GitHub: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
• Bitbucket: 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40

If fingerprints do not match, it may indicate a security risk; abort the connection and investigate further.

Summary and Best Practices

The core of resolving the "server host key not cached" error lies in understanding SSH's security verification process. For most cases, manually establishing an SSH connection is the simplest and most effective method. In Windows environments, special attention must be paid to path formats and environment variable configurations. Developers are advised to:

1. Always verify server fingerprint authenticity
2. Keep SSH client and Git tools updated
3. Standardize SSH configurations in team environments
4. Regularly check the integrity of the known_hosts file

By properly configuring SSH trust mechanisms, not only can current connection issues be resolved, but a secure foundation for future code collaboration can also be established.