GitHub's RSA SSH Host Key Update Causes Temporary CI/CD Issues for Development Teams

GitHub recently announced an update to its RSA Secure Shell (SSH) host key as part of its ongoing commitment to maintaining a high standard of security for its users. In a blog post published on March 23, 2023, the company outlined the change and detailed steps users need to follow to ensure uninterrupted access to their repositories.

Meanwhile, several companies started noticing broken CI/CD workflows in their organizations.

The RSA SSH host key is an integral component of the security protocol that secures the connection between a user's machine and the remote Git server, so Github says the update has been implemented to enhance the overall security of the platform and to stay ahead of potential vulnerabilities.

Users who access GitHub via SSH may experience a warning message about the changed host key the next time they try to connect. To avoid any disruption to their workflow, GitHub advises users to update their known_hosts file to include the new RSA host key. The blog post provides step-by-step instructions on how to perform this update for various operating systems, including Windows, macOS, and Linux.

GitHub has emphasized that the new RSA key is backward compatible with older clients, ensuring a smooth transition for users. However, it has still broken some CI/CD workflows for many organizations and developers. The company highly recommends updating the SSH clients to the latest version to benefit from the latest security features and improvements.

In addition to the RSA host key update, GitHub is also planning to phase out support for older, less secure key exchange algorithms in the near future. This move is intended to further enhance security across the platform.