GitHub.com rotates its exposed private SSH key
2023-03-24 08:33

GitHub has rotated its private SSH key for GitHub.com after the secret was accidentally published in a public GitHub repository.

In a succinct blog post published today, GitHub acknowledged discovering this week that the RSA SSH private key for GitHub.com had been ephemerally exposed in a public GitHub repository.

"We have now completed the key replacement, and users will see the change propagate over the next thirty minutes. Some users may have noticed that the new key was briefly present beginning around 02:30 UTC during preparations for this change."

GitHub further states it has "no reason to believe" that the exposed key was abused, and rotated the key "out of an abundance of caution."

The exposed RSA key in question does not grant access to GitHub's infrastructure or customer data, Hanley has clarified.

Users should update their `~/.ssh/known_hosts` file with GitHub's new key fingerprint; otherwise they may see security warnings when making SSH connections.
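To find which known_hosts entries still pin the old key, including entries stored in hashed form where the hostname cannot be searched for as text, the following added example (not from the article or from GitHub) computes each entry's SHA256 fingerprint and compares it with the expected one. The function names are hypothetical, the key blobs are constructed stand-ins rather than real keys, and the expected fingerprint is assumed to be copied from GitHub's published fingerprints.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: plain list or HashKnownHosts form."""
    if field.startswith("|1|"):
        # |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # exact names only, no wildcard patterns

def stale_entries(text, host, keytype, expected_fp):
    """Return [(line_no, fingerprint)] for host/keytype entries not matching expected_fp."""
    stale = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if parts[1] == keytype and host_matches(parts[0], host):
            fp = fingerprint(parts[2])
            if fp != expected_fp:
                stale.append((n, fp))
    return stale

def make_line(host, blob, salt=None):
    """Build a constructed known_hosts line (hashed when a salt is given)."""
    key = base64.b64encode(blob).decode()
    if salt:
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        host = "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
    return "%s ssh-rsa %s" % (host, key)

if __name__ == "__main__":
    OLD, NEW = b"constructed-old-key-blob", b"constructed-new-key-blob"  # not real keys
    # In real use, take the expected value from GitHub's published fingerprints.
    expected = fingerprint(base64.b64encode(NEW).decode())
    sample = "\n".join([
        "# constructed sample",
        make_line("github.com", OLD),
        make_line("github.com", OLD, salt=b"0123456789abcdefghij"),
        make_line("github.com", NEW),
        make_line("example.org", OLD),
    ])
    for n, fp in stale_entries(sample, "github.com", "ssh-rsa", expected):
        print("line %d: stale github.com RSA key %s" % (n, fp))
```

Entries it reports can be removed with `ssh-keygen -R github.com` before the new key is added.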


News URL

https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/