27 March 2023

GitHub’s RSA SSH host key briefly exposed in public repository


GitHub’s RSA SSH host key briefly exposed in public repository

Microsoft-owned GitHub said it replaced its RSA SSH private key after it was briefly exposed in a public repository. The company said that the exposure was not a result of a breach, but rather the key was published accidentally.

“We discovered that GitHub.com's RSA SSH private key was briefly exposed in a public GitHub repository. We immediately acted to contain the exposure and began investigating to understand the root cause and impact. We have now completed the key replacement, and users will see the change propagate over the next thirty minutes,” the company said in a blog post.

GitHub also added that it has no reason to believe that the exposed key was abused and that the steps were taken “out of an abundance of caution.”

“At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected,” the company explained.

The disclosure comes nearly two months after GitHub revealed a security breach, where hackers stole encrypted code signing certificates for its Desktop and Atom applications after gaining access to a set of repositories of the afore mentioned apps. As a preventive measure the company has revoked the exposed certificates.


Back to the list

Latest Posts

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

The attackers exploited a bug in an Apache HTTP server to deliver the MgBot malware.
23 July 2024
New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

The attackers likely gained access through a vulnerability in an externally facing Mikrotik router.
23 July 2024
NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

The crackdown follows the arrest of one of the site's suspected admins earlier this month.
23 July 2024