[PROJ] GitHub changed their RSA SSH host key

Laurențiu Nicola lnicola at dend.ro
Fri Mar 24 03:04:39 PDT 2023


Hi,

I believe not, but existing contributors to repositories on GitHub who use SSH might get an warning when trying to push or pull from the remote.

The correct action is to run ssh-keygen -R github.com, then try again, and confirming the prompt after making sure that the new fingerprint matches one of the three from https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.

Laurentiu

On Fri, Mar 24, 2023, at 12:01, Javier Jimenez Shaw wrote:
> Hi
> 
> In case you use GitHub (for PROJ or anything else) this may be interesting for you:
> https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
> 
> First paragraph:
> 
> At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.
> 
> Is there action needed in OSGeo repos?
> 
> Cheers,
> Javier.
> 
> .___ ._ ..._ .. . ._.  .___ .. __ . _. . __..  ... .... ._ .__
> _______________________________________________
> PROJ mailing list
> PROJ at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/proj
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/proj/attachments/20230324/03d1617b/attachment.htm>


More information about the PROJ mailing list