Hacker News new | ask | show | jobs
by NieDzejkob 1189 days ago
I tested this and on a new enough OpenSSH client, the RSA key gets replaced using the mechanism described here: https://lwn.net/Articles/637156/ (if you connect using a key other than RSA).

To be honest, I'd expect something like this to be mentioned in the announcement.
1 comments
creamyhorror 1189 days ago
Assuming the user connects to Github first instead of a MitM attacker spoofing Github.
link