Shaun Abram

Technology and Leadership Blog

GitHub SSH key audit

Got this error recently when trying to do a fetch from github in Intellij:

fatal: The remote end hung up unexpectedly
ERROR: Hi sabram, it’s GitHub. We’re doing an SSH key audit.

Vague error but finally figured out that it is related to Github’s recent security compromise and that I needed to verify my SSH keys.

Couldn’t find much about the error on Google, so maybe this post will help someone else!

27 Mar 12 | Products

John Doe | March 27th, 2012 at 3:42 pm

If I’m not mistaken, they sent emails on this issue, saying, that one need to confirm keys or renew them
sabram | March 27th, 2012 at 9:31 pm

Indeed they did – which I missed…

A security vulnerability was recently discovered that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. This would have provided an attacker with clone/pull access to repositories with read permissions, and clone/pull/push access to repositories with write permissions. As of 5:53 PM UTC on Sunday, March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking additional precautions by forcing an audit of all existing SSH keys.

# Required Action

Since you have one or more SSH keys associated with your GitHub account you must visit https://github.com/settings/ssh/audit to approve each valid SSH key.

Until you have approved your SSH keys, you will be unable to clone/pull/push your repositories over SSH.