GitHub Security Update

GitHub announced that it has replaced its existing SSH host key with a new one after it discovered that the key was exposed in a public repository.

GitHub issued a statement following the discovery to confirm that they have no reason to believe that the exposed key was abused. For more information please click here to visit GitHub.

SSH keys are cryptographic keys used to authenticate computers in the SSH protocol. Their function is like that of user names and passwords.

SSH keys are primarily used for automated processes and for implementing single sign-on (SSO) by system administrators.

SSH (Secure Shell) is used for managing networks, operating systems, and configurations. Host keys are used for authenticating hosts, i.e., computers.

SSH keys can improve security when properly managed. SSH keys are widely used, and many large organisations accumulate them over a long period of time without any controls which poses a major risk for their systems. For example, a typical Fortune 500 enterprise has several million keys granting access to their servers (source: SSH Academy). The keys can be used for financial transactions, updating configurations, file transfers, and many other purposes.

Contact Romano Security Consulting today and let us help to put you on the right track to secure your organisation.