by nessex 1180 days ago
It's not mentioned in the blog post or keys page, but the _old_ value[1] you'll find in known_hosts is:

  github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
You can search for this in your codebases, hosts etc. to see if there are any areas that need updating. The new value is linked from the blog post; you can find it here: https://docs.github.com/en/authentication/keeping-your-accou...

[1] https://github.blog/changelog/2022-01-18-githubs-ssh-host-ke...


Good callout!

I looked at my `~/.ssh/known_hosts` file and that key is associated with a few IP addresses in addition to github.com. Those lines stayed after I ran `ssh-keygen -R github.com`.

I imagine that I also need to remove those other lines manually, but isn't that something that GitHub should have mentioned? I'm not sure in which circumstances these got added either…

Same here, found the two following IPs with the same hostkey:

    - 192.30.253.112
    - 140.82.114.3
WHOIS shows GitHub ownership, just not sure when/how/why I got these

My ~/.ssh/known_hosts used to look like that, but now it looks like the host part is encrypted? It looks like:

  |1|{base64-encoded-string?}|{another-base64-encoded} ssh-rsa AAA{long-string}
This is on Ubuntu 22.04 (Linux Mint).

This is because HashKnownHosts has been turned on: the first value is a salt, and the second value is a hash of the salt and the host name.
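
An added example, not code from any commenter in this thread: a Python sketch that finds every `known_hosts` entry still carrying a given key, including hashed entries and the IP-address lines that `ssh-keygen -R github.com` leaves behind. It relies on OpenSSH's hashed format being `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`; the key blobs, salt and sample file are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt_b64):
    """HashKnownHosts form: base64(HMAC-SHA1(key=salt, msg=host))."""
    salt = base64.b64decode(salt_b64)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def host_field_matches(field, candidate):
    """True if a known_hosts host field names candidate (exact names only)."""
    if field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = field.split("|")
        return hmac.compare_digest(hash_host(candidate, salt_b64), digest_b64)
    return candidate in field.split(",")  # wildcards / [host]:port not handled

def find_entries(text, key_blob, candidates):
    """Return [(line_no, [matched candidates])] for entries carrying key_blob."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if parts and parts[0].startswith("@"):  # @cert-authority / @revoked
            parts = parts[1:]
        if len(parts) < 3 or parts[0].startswith("#") or parts[2] != key_blob:
            continue
        names = [c for c in candidates if host_field_matches(parts[0], c)]
        hits.append((line_no, names))
    return hits

# Constructed sample data: the key blobs and salt are placeholders, not real keys.
OLD_KEY = "AAAAB3NzaC1yc2E-CONSTRUCTED-OLD-KEY"
SALT = base64.b64encode(b"constructed-salt-20b").decode()
SAMPLE = "\n".join([
    "github.com ssh-rsa " + OLD_KEY,
    "|1|%s|%s ssh-rsa %s" % (SALT, hash_host("140.82.114.3", SALT), OLD_KEY),
    "|1|%s|%s ssh-rsa %s" % (SALT, hash_host("192.30.253.112", SALT), OLD_KEY),
    "example.org ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-OTHER-KEY",
])
CANDIDATES = ["github.com", "192.30.253.112", "140.82.114.3"]

if __name__ == "__main__":
    for line_no, names in find_entries(SAMPLE, OLD_KEY, CANDIDATES):
        print("line %d still pins the old key for: %s" % (line_no, names or "unknown host"))
```

An entry that carries the key but matches none of the candidate names is still reported, with an empty name list, so a hashed line for an address you did not think to test is not silently skipped.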