GitHub Updates RSA SSH Host Key
On March 24th at approximately 05:00 UTC, GitHub replaced the RSA SSH host key used to secure Git operations for GitHub.com, in order to protect users from potential security risks. This change only impacts Git operations over SSH using RSA, while web traffic to GitHub.com and HTTPS Git operations remain unaffected.
The exposure of the RSA SSH private key in a public GitHub repository was not the result of a compromise of any GitHub systems or customer information, but rather an inadvertent publishing of private information. No evidence suggests that the exposed key was abused, and the update was performed as a precautionary measure.
If you encounter a warning message when connecting to GitHub.com via SSH, you'll need to remove the old key and add the new RSA SSH public key. Instructions for doing so can be found in the original article.
GitHub Actions users may experience failed workflow runs if they are using actions/checkout with the ssh-key option. For more information on this process, refer to the official documentation on GitHub's SSH public key fingerprints.
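To find which machines still pin the old key before the warning appears, the following added example (not from GitHub or the original article) audits a `known_hosts` file for `ssh-rsa` entries for github.com, including hashed host entries, and compares each fingerprint with the expected one. The function names, the sample file and the key blobs are constructed for illustration, and `EXPECTED_FP` is a placeholder for the value published in GitHub's SSH public key fingerprints documentation.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1| hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # wildcard patterns are not expanded here

def audit(text, expected_fp, host="github.com"):
    """Return (line_no, fingerprint, status) for every ssh-rsa entry for host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if parts and parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3 or parts[0].startswith("#") or parts[1] != "ssh-rsa":
            continue
        if host_matches(parts[0], host):
            fp = fingerprint(parts[2])
            findings.append((n, fp, "current" if fp == expected_fp else "stale"))
    return findings

# Constructed sample data: these blobs are NOT real GitHub keys.
def _b64(raw):
    return base64.b64encode(raw).decode()

OLD_KEY, NEW_KEY = _b64(b"constructed-old-rsa-blob"), _b64(b"constructed-new-rsa-blob")
_SALT = b"constructed-salt-val"
_HASHED = "|1|%s|%s" % (_b64(_SALT), _b64(hmac.new(_SALT, b"github.com", hashlib.sha1).digest()))
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "github.com,192.0.2.10 ssh-rsa " + OLD_KEY,
    "github.com ssh-rsa " + NEW_KEY,
    "github.com ssh-ed25519 " + _b64(b"constructed-ed25519-blob"),
    _HASHED + " ssh-rsa " + OLD_KEY,
    "example.org ssh-rsa " + OLD_KEY,
])
# Placeholder: in real use, take this value from GitHub's published fingerprints.
EXPECTED_FP = fingerprint(NEW_KEY)

if __name__ == "__main__":
    for n, fp, status in audit(SAMPLE, EXPECTED_FP):
        print(f"line {n}: {fp} {status}")
```

Entries reported as stale are the ones that trigger the host key warning; `ssh-keygen -R github.com` removes them so the new key can be added.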