Github publishes RSA SSH host keys by mistake, issues update

2023-03-24 13:34

Github has updated its SSH keys after accidentally publishing the private part to the world.

A post on Github's security blog reveals that the company has changed its RSA SSH host keys.

It's not the end of the world: if you normally push and pull to Github via SSH - which most people do - then you will have to delete your local Github SSH key, and fetch new ones.

Someone published Github's private RSA keys in a repository on Github itself.

That is bad. GitHub Copilot learns new tricks, adopts this year's model GitHub rolls out mandatory 2FA for loads of devs next week GitHub claims source code search engine is a game changer Microsoft, GitHub, OpenAI urge judge to bin Copilot code rip-off case.

SSH supports alternative cryptographic algorithms to RSA for its keys, and Github also has ECDSA and Ed25519 keys as well.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/24/github_changes_its_ssh_host/

#github #RSA #SSH

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
RSA	30	21	67	14	4	106
Github	10	2	30	29	14	75
SSH	7	2	8	4	1	15