Add information about GitHub SSH RSA revocation #51

dolmen opened this issue Mar 27, 2023 · 0 comments

dolmen commented Mar 27, 2023

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

Users of github-keygen before v1.306 ARE affected by this issue.
Users can check with this command:

$ cat ~/.ssh/known_hosts_github

Users of github-keygen v1.306 (published on June 6th 2022) are not affected as github-keygen has switched to the Ed25519 key in ~/.ssh/known_hosts_github.
This is what you should get:

$ cat ~/.ssh/known_hosts_github
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
gist.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl

I had switched to Ed25519 in 387b644 (v1.306).

To fix the issue:

$ curl --silent https://raw.githubusercontent.com/dolmen/github-keygen/release/github-keygen | perl

Note that the use of curl for the upgrade is on purpose: if the user had an old copy of github-keygen made with git clone and the remote is configured using SSH, a git remote update && git rebase would not work because of the revoked SSH key. So, in this case, I consider that curl over https is safer as long as your curl version is recent and your local repository of TLS certificates is up to date.

dolmen changed the title from "Add information about GitHub SSH RSA leak" to "Add information about GitHub SSH RSA revocation" on Mar 27, 2023
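
The manual `cat` check described in the issue can be scripted. The following is an added example, not code from the issue author or from github-keygen: a shell function that flags any `ssh-rsa` entry for the three GitHub host names and confirms that Ed25519 entries carry the key shown in the issue. The function names, status labels and the placeholder RSA line in the sample are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not part of github-keygen): audit a known_hosts file for GitHub entries.
# Ed25519 host key exactly as listed in the issue above.
EXPECTED_ED25519='AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl'

# audit_github_known_hosts FILE
# Prints "<status> <host> <keytype>" per GitHub entry. Returns 0 when every entry
# is the expected Ed25519 key, 1 when any entry is ssh-rsa or otherwise differs
# from the issue, 2 when the file is unreadable or holds no GitHub entry.
audit_github_known_hosts() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v want="$EXPECTED_ED25519" '
        NF == 0 || $1 ~ /^#/ { next }  # blank lines and comments
        $1 == "@revoked" { next }      # revoked entries grant no trust
        {
            i = ($1 ~ /^@/) ? 2 : 1    # skip a leading @cert-authority marker
            n = split($i, hosts, ",")  # one line may name several hosts
            type = $(i + 1); key = $(i + 2)
            for (h = 1; h <= n; h++) {
                host = hosts[h]
                if (host !~ /^(gist\.)?github\.com$/ && host != "[ssh.github.com]:443")
                    continue
                seen++
                if (type == "ssh-ed25519" && key == want) status = "OK"
                else if (type == "ssh-rsa") { status = "STALE-RSA"; bad++ }
                else { status = "UNEXPECTED"; bad++ }
                print status, host, type
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample input: one ssh-rsa line (key body is a placeholder, not a
# real key) next to a correct Ed25519 line. Returns the audit status.
demo_stale_file() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '# constructed sample' \
        'github.com,gist.github.com ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER' \
        "[ssh.github.com]:443 ssh-ed25519 $EXPECTED_ED25519" > "$tmp"
    audit_github_known_hosts "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: audit_github_known_hosts ~/.ssh/known_hosts_github
```

A non-zero status on `~/.ssh/known_hosts_github` means the file does not match the three Ed25519 lines listed in the issue.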