https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
Users of github-keygen before v1.306 ARE affected by this issue.
Users can check with this command:
$ cat ~/.ssh/known_hosts_github
Users of github-keygen v1.306 (published on June 6th 2022) are not affected as github-keygen has switched to the ed-25519 key in ~/.ssh/known_hosts_github.
This is what you should get:
I had switched to ed-25519 in 387b644 (v1.306).
To fix the issue:
$ curl --silent https://raw.githubusercontent.com/dolmen/github-keygen/release/github-keygen | perl
Note that the use of curl for the upgrade is on purpose: if the user had an old copy of github-keygen made with git clone and the remote is configured using SSH, a git remote update && git rebase would not work because of the revoked SSH key. So, in this case, I consider that curl over https is safer as long as your curl version is recent and your local repository of TLS certificates is up to date.
dolmen changed the title from "Add information about GitHub SSH RSA leak" to "Add information about GitHub SSH RSA revocation" on Mar 27, 2023
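A scripted form of the `cat` check described above, added here as an example and not part of the original issue or of github-keygen. It reports which key type is pinned for github.com in a known_hosts file; the function name is hypothetical, and it assumes unhashed host names and that a pre-v1.306 file is recognizable by an `ssh-rsa` entry.

```shell
# Added example: report the host key type pinned for github.com.
# Assumptions: unhashed entries in the usual known_hosts layout
#   [@marker] host[,host...] keytype base64-key [comment]
# Prints "ssh-rsa" (the state github-keygen left behind before v1.306,
# per the issue above), "ssh-ed25519", or "none".
# Exit status is 2 if the file cannot be read.
classify_github_known_hosts() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*(#|$)/   { next }    # comments and blank lines
        $1 == "@revoked" { next }    # a revocation is not a trusted pin
        {
            i = 1
            if ($1 ~ /^@/) i = 2     # step over other markers
            n = split($i, hosts, ",")
            for (h = 1; h <= n; h++)
                if (hosts[h] == "github.com") { seen[$(i + 1)] = 1; break }
        }
        END {
            # An RSA pin takes precedence: it is the entry that needs replacing.
            if ("ssh-rsa" in seen)          print "ssh-rsa"
            else if ("ssh-ed25519" in seen) print "ssh-ed25519"
            else                            print "none"
        }' "$file"
}

# Usage: classify_github_known_hosts ~/.ssh/known_hosts_github
```
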