> "I wonder if SSH should really be used at all for git. While TLS certificates are relatively short lived these days thanks to Let’s Encrypt, SSH host keys live a very long time. If GitHub’s SSH host keys were stolen, how long would an attacker get away with intercepting communications?"
The solution is to use SSH Certificate Authentication as opposed to SSH Key Authentication. The Certificate has a forced expiry and is verified by a CA. Then interception is rendered a moot problem since keys are verified with the CA before use.
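The setup the reply describes, as an added example that is not part of the original comment: a host key is signed by a CA with a forced validity window, and the client trusts the CA through a single `@cert-authority` line in `known_hosts`. The host name `git.example.test`, the key ID and all file names are constructed for illustration.

```shell
# Added example: issue an OpenSSH host certificate with a forced expiry.
# Host name, key ID and file names are constructed; nothing here is GitHub's setup.
set -eu

make_host_cert() {  # $1 = work dir, $2 = validity in ssh-keygen -V syntax
    dir=$1 validity=$2
    # CA key pair: the private half signs host keys, the public half goes to clients.
    ssh-keygen -q -t ed25519 -N '' -C 'example host CA' -f "$dir/host_ca"
    # The server's ordinary long-lived host key.
    ssh-keygen -q -t ed25519 -N '' -C 'example host key' \
        -f "$dir/ssh_host_ed25519_key"
    # Sign it as a host certificate (-h) for one principal (-n), valid only
    # inside the -V window. Writes ssh_host_ed25519_key-cert.pub.
    ssh-keygen -q -s "$dir/host_ca" -h -I 'example-git-host' \
        -n git.example.test -V "$validity" "$dir/ssh_host_ed25519_key.pub"
    # Client side: trust any unexpired host certificate signed by this CA
    # for this host name, instead of pinning the host key itself.
    printf '@cert-authority git.example.test %s\n' "$(cat "$dir/host_ca.pub")" \
        > "$dir/known_hosts"
}

cert_field() {  # $1 = certificate file, $2 = field label printed by ssh-keygen -L
    ssh-keygen -L -f "$1" | sed -n "s/^ *$2: *//p"
}

# Demo: a certificate valid for one week from now.
demo_dir=$(mktemp -d)
make_host_cert "$demo_dir" +1w
cert_field "$demo_dir/ssh_host_ed25519_key-cert.pub" Type
cert_field "$demo_dir/ssh_host_ed25519_key-cert.pub" Valid
cat "$demo_dir/known_hosts"
rm -rf "$demo_dir"

# Server side (sshd_config), shown as a comment because it needs a running sshd:
#   HostKey         /etc/ssh/ssh_host_ed25519_key
#   HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
```

The client checks the CA signature and the validity window locally against the `@cert-authority` entry, so a certificate past its `Valid` end date is rejected even though the underlying host key is unchanged.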