Stop Blindly Trusting Git Clone Fingerprints

4 days ago
11

How to verify fingerprints when cloning a GitHub repo, i.e. when you see this:

The authenticity of host 'github.com (140.82.112.3)' can't be established.
ED25519 key fingerprint is SHA256: +DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
No matching host key fingerprint found in DNS.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Loading 1 comment...