> Thanks to our new servers, known bad keys[2] from Debian and Ubuntu are now blacklisted. We estimate that about 1000 keys in our database were impacted by this. If you get authentication errors using keys that worked a day ago, please double-check that they are not on our blacklist. If they are, you should ensure your software is updated and generate new keys. We’ve got a guide to help you out with this.
Woah, this new article says a lot of weak-Debian keys were found. Does this mean Github had a regression in their blacklisting since 2009? Or maybe they didn't blacklist enough originally?
Actually the facts are not incompatible here. There are two questions: Are weak Debian keys accepted in the web app? Are weak Debian keys accepted by their SSH.
The answers were yes and no. It's the same for most systems right now. You can put a weak Debian key in authorised keys, but you won't be able to login anyway.
> Thanks to our new servers, known bad keys[2] from Debian and Ubuntu are now blacklisted. We estimate that about 1000 keys in our database were impacted by this. If you get authentication errors using keys that worked a day ago, please double-check that they are not on our blacklist. If they are, you should ensure your software is updated and generate new keys. We’ve got a guide to help you out with this.
[1] https://github.com/blog/500-state-of-the-hub-rackspace-day-0
[2] https://github.com/blog/63-ssh-keys-generated-on-debian-ubun...