The GitHub logo on a grey background

GitHub hosts code repositories for countless different projects, from personal websites to popular apps like VLC Media Player. If you have a script, application, or other project that relies on GitHub, it may have just been broken.

GitHub recently discovered that the RSA SSH private key for was “briefly exposed in a public GitHub repository” due to “an inadvertent publishing of private information.” In other words, part of the key used for connecting to GitHub repositories was accidentally published. Since the public key could in theory be used for malicious purposes, GitHub reset its public key at around 5:00 AM UTC on March 24.

As a result, any public/private key pairs created before that time (e.g. someone who already set up GitHub Git access on their PC) will now show a warning. The change might also break any automated scripts that involve using Git to push or pull code, such as code in Docker images, depending on how the script was set up.

If you run into this problem, removing the old key and adding the new public key to your hosts file will fix it — the full instructions are at the source link below. Browsing and downloading code from GitHub’s website in your browser still works as usual.

Source: GitHub
Via: The Register

Profile Photo for Corbin Davenport Corbin Davenport
Corbin Davenport is the News Editor at How-To Geek, an independent software developer, and a podcaster. He previously worked at Android Police, PC Gamer, and XDA Developers.
Read Full Bio »