GitHub Updates RSA Key for SSH After Accidental Public Exposure

GitHub has been hit with an RSA key leak, as reported by GitHub on their blog. The RSA-key was accidentally published in a public repository, posing a potential risk to SSH access to GitHub repositories. Consequently, to avoid any interception of SSH sessions, GitHub has initiated the process of replacing the RSA key.

However, the leak only affects the RSA key, while the ECDSA and ED25519 SSH switching are unaffected. The exposed RSA key is a hobby SSH key that does not allow access to the GitHub infrastructure or user data. Nevertheless, it can be used to intercept GIT operations made through SSH.

To prevent any possible security breaches, GitHub has taken swift action by replacing the key. Concerned users may wish to visit GitHub’s blog for more information.

Source: GitHub blog

/Reports, release notes, official announcements.