GitHub hosts code repositories for countless different projects, from personal websites to popular apps like VLC Media Player. If you have a script, application, or other project that relies on GitHub, it may have just been broken.

GitHub recently discovered that the RSA SSH private key for GitHub.com was "briefly exposed in a public GitHub repository" due to "an inadvertent publishing of private information." In other words, part of the key used for connecting to GitHub repositories was accidentally published. Since the public key could in theory be used for malicious purposes, GitHub reset its public key at around 5:00 AM UTC on March 24.

As a result, any public/private key pairs created before that time (e.g. someone who already set up GitHub Git access on their PC) will now show a warning. The change might also break any automated scripts that involve using Git to push or pull code, such as code in Docker images, depending on how the script was set up.

If you run into this problem, removing the old key and adding the new public key to your hosts file will fix it -- the full instructions are at the source link below. Browsing and downloading code from GitHub's website in your browser still works as usual.

Source: GitHub

Via: The Register