0

Some time ago (long enough that I have forgotten the details), I successfully set up SSH authentication for my GitHub repository (along with corresponding keys in RStudio). It worked fine.

But recently, it wouldn't let me push or pull due to a change of the site IP address. My PC, router, software, etc. had not changed. I scrambled with an internet search and found a sort of solution involving an ssh-keygen command.

But now, still, I am getting messages like this: ECDSA host key message

I can type "yes" and things go through, and my GitHub site updates correctly. But I really don't understand this stuff very well, and I'm worried that I might have compromised it in some way. So my questions are:

  1. Why did the IP address for github.com and/or its host key suddenly change?
  2. Is my security compromised in any way?
  3. What can I do to avoid getting this additional annoying confirmation step?

1 Answer

4

GitHub suffered a security incident that exposed their private SSH key, and they rotated it last Friday.

More info here: https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/

The change caused the host key to be regenerated based on the new private key. Since you have a known_hosts entry for GitHub that doesn't match the host key the server is presenting you now, you see this error to warn you that you might not be connecting to the system you think you are.

As to how to clean up the known_hosts issue, it depends on your OS/SSH client. For Windows/OpenSSH see here: Where is the known_hosts file for OpenSSH for Windows?

For Linux see here: https://www.howtouselinux.com/post/ssh-known_hosts-file

Just delete the existing entry for GitHub, and on next connect, accept the new host key to stop the confirmation prompts.

1
  • 1
    Thanks so much. That explains it, and after removing several lines from ~/.ssh/known-hosts, it updated when I shelled to [email protected], and I now have it working smoothly again.
    – Russ Lenth
    Commented Mar 29, 2023 at 18:29
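
As an added example (not part of the original answer or comments): a Python sketch of the cleanup described above that marks as stale only the known_hosts entries for a host whose key does not match a fingerprint you have pinned, so the replacement key is checked rather than accepted blind. The key blobs, salt, IP address and pinned fingerprint are constructed placeholders; in practice the pinned value comes from the fingerprints GitHub publishes, and only exact host names (plain or hashed) are matched.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """Fingerprint as OpenSSH prints it: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(field, host):
    """True if a known_hosts host field names `host`, in plain or hashed (|1|salt|mac) form."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt, mac = pattern.split("|")
            want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(want, base64.b64decode(mac)):
                return True
        elif pattern == host:
            return True
    return False

def audit(lines, host, pinned):
    """Return (kept, stale); stale lines name `host` with a key that is not pinned."""
    kept, stale = [], []
    for line in lines:
        fields = line.split()
        # Comments and @cert-authority / @revoked marker lines are left untouched.
        is_entry = len(fields) >= 3 and fields[0][0] not in "#@"
        if is_entry and names_host(fields[0], host) and fingerprint(fields[2]) not in pinned:
            stale.append(line)
        else:
            kept.append(line)
    return kept, stale

# Constructed sample data: placeholder blobs, not real GitHub keys.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()
SALT = b"constructed salt"
MAC = hmac.new(SALT, b"github.com", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(MAC).decode())
SAMPLE = [
    "github.com,192.0.2.10 ecdsa-sha2-nistp256 " + OLD_KEY,  # old key, plain host name
    HASHED + " ssh-rsa " + OLD_KEY,                          # old key, hashed host name
    "github.com ssh-ed25519 " + NEW_KEY,                     # matches the pinned fingerprint
    "example.org ssh-ed25519 " + OLD_KEY,                    # different host, never touched
]
PINNED = {fingerprint(NEW_KEY)}  # stand-in for the fingerprint published by the host operator

if __name__ == "__main__":
    kept, stale = audit(SAMPLE, "github.com", PINNED)
    for line in stale:
        print("stale:", line.split()[0], fingerprint(line.split()[2]))
```

Entries stored only under an IP address are not matched by host name and have to be audited with that address as `host`.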
