The Backend Engineering Show with Hussein Nasser artwork

GitHub SSH key is Leaked - How bad is this?

The Backend Engineering Show with Hussein Nasser

English - March 30, 2023 11:22 - 21 minutes - 20.1 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Cookie Hijacking - How Linus Tech Tips got Hacked
Next Episode: The Virgin Media ISP outage - What happened?

GitHub Accidentally Exposed their SSH RSA Private key, this is the message you will get .

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Host key for github.com has changed and you have requested strict checking.
Host key verification failed.

In this video I discuss how bad is this,.

0:00 Intro
1:10 What happened?
3:00 SSH vs TLS Authentication
6:00 SSH Connect
7:45 How bad is the github leak?
15:00 What should you do?
18:50 Is ECDSA immune?

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/