It’s time to update older SSH keys on GitHub—or risk organizations blocking your ability to contribute to their open source projects.
SSH, or Secure Shell, is a cryptographic protocol for secure data communication. Many projects hosted on GitHub—especially Application Programming Interfaces (APIs), which let a high volume of developers access secure app data—have developers generate SSH keys in order to be granted access. Developers can use these keys to ensure that their own programs that rely on API data continue to have access.
Back in February, GitHub made a small but significant change to the way SSH keys work. It made them immutable, or unchangeable, after they’d been generated. Previously developers could change their SSH keys after they’d been created. Since February, however, developers can only create and delete keys, not alter keys that already exist.
Now, GitHub is finalizing that update by ensuring that organizations are able to block any keys created before the Feb. 24 announcement. That means developers using older keys may want to create new ones in order to keep uninterrupted access to projects. Otherwise, organizations that maintain open source projects will have the option to remove their permissions.
GitHub will automatically send an email to any user who adds a new SSH key. However, developers can avoid a headache by identifying keys created before February and replacing them now.
Update: This article has been updated to clarify how the announcement will affect users’ keys.
Photo by Taki Steve