Blog Logo
TAGS RSA SSH host key update

Out of an abundance of caution, GitHub replaced their RSA SSH host key used to secure Git operations for on March 24th at 05:00 UTC. This change only affects Git operations over SSH using RSA. No changes are required for ECDSA or Ed25519 users. GitHub.coms RSA SSH private key was briefly exposed in a public GitHub repository, but it was not the result of a compromise of any GitHub systems or customer information. GitHub has already taken actions to contain the exposure and replaced the key. Users will see the change propagate over the next thirty minutes. If you are using ECDSA or Ed25519 keys, no action is needed. If you see a warning message when connecting to via SSH, remove the old key by running the command ssh-keygen -R, or manually update your ~/.ssh/known_hosts file to remove the old entry. Then, you can manually add the new RSA SSH public key entry to your ~/.ssh/known_hosts file.