Ok, it will take me some time to get used to the new GitHub SSH host key, because the last one was definitely prettier and easier to recognise.
BUT! the new one has a line that goes "oo#o@.o", and that's funny. And also the top is pretty distinctive, so I *gueeeess* this is alright.
(imagine not rerolling your key until you get an octocat, though. Disappointing.)
(I'm rather annoyed with them for their blog post framing the key change, repeatedly, as "an abundance of caution", as if publishing your private key could have literally any other consequence than rotating your keys asap. Yes, even when it's a well-isolated host key.)
@rixx that "abundance of caution" phrase also caught my attention…
@daniel_bohrer yeah. It suggests that not changing keys (and therefore not disclosing the leak) would have been an alright move to make, which …
@alpha I push to GitHub on the order of 10+ times a day, seeing an image that often will get you to recognise it (or what would be the purpose of them)
Questions came up: You can make SSH always show the host key ASCII art, and with servers you use often, such as GitHub, you'll start to recognise them very soon.
Host *
VisualHostKey yes
@alpha I mean, I also add them to the known_hosts file, I just also have the ascii art displayed, because it doesn't cost me anything, and now I know what it looks like in case I access the server from other devices.
(Where I don't habitually check host key fingerprints before I add them to the known hosts.)