GitHub Revokes Duplicate SSH Authentication Keys

The SSH protocol used by GitHub allows you to log in without a user name or password. To do this, users would need to establish an SSH keypair and add the public key to their accounts’ SSH key settings.

You may use the key with a Git client to automatically log in to GitHub without having to enter in your username and password once you’ve added it to your account.

SSH Keys Revoked by GitHub

GitHub and Axosoft, LLC, the developers of the popular GitKraken Git client, confirmed today that they have revoked weak SSH keys generated by the software’s keypair package.

On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular git GUI client – GitKraken. An underlying issue with a dependency, called keypair, resulted in the GitKraken client generating weak SSH keys. This issue affected versions 7.6.x, 7.7.x, and 8.0.0 of the GitKraken client, and you can read GitKraken’s disclosure on their blog.

Today as of 1700 UTC, we’ve revoked all keys generated by these vulnerable versions of the GitKraken client that were in use on, along with other potentially weak keys created by other clients that may

Read More: