FYI - if you try to push to GitHub and see something like git push origin citation_cff @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s. ...
you need to do ssh-keygen -R github.com git push ... again Next make sure (!) that the new fingerprint in the message matches one of the three from https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints If so, confirm with "yes" the prompt and you are settled. Markus ---------- Forwarded message --------- From: Laurențiu Nicola via PROJ <p...@lists.osgeo.org> Date: Fri, Mar 24, 2023 at 11:10 AM Subject: Re: [PROJ] GitHub changed their RSA SSH host key To: <p...@lists.osgeo.org> Hi, I believe not, but existing contributors to repositories on GitHub who use SSH might get an warning when trying to push or pull from the remote. The correct action is to run ssh-keygen -R github.com, then try again, and confirming the prompt after making sure that the new fingerprint matches one of the three from https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints. Laurentiu On Fri, Mar 24, 2023, at 12:01, Javier Jimenez Shaw wrote: Hi In case you use GitHub (for PROJ or anything else) this may be interesting for you: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ First paragraph: At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH. This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected. Is there action needed in OSGeo repos? Cheers, Javier. .___ ._ ..._ .. . ._. .___ .. __ . _. . __.. ... .... ._ .__ _______________________________________________ PROJ mailing list p...@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/proj _______________________________________________ grass-dev mailing list grass-dev@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/grass-dev