From 43783ece44d11ea55592b0ef5c30cb2a98836dd0 Mon Sep 17 00:00:00 2001 From: Marcelo Almeida <2532492+marcelocra@users.noreply.github.com> Date: Thu, 5 Mar 2026 11:39:42 -0300 Subject: [PATCH 1/4] feat: Add GPG key fingerprint to SSH key fingerprints doc Updated the title and added GPG key information. --- .../githubs-ssh-key-fingerprints.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md index 9dd2925eb9f3..030f851732a0 100644 --- a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md +++ b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md @@ -1,5 +1,5 @@ --- -title: GitHub's SSH key fingerprints +title: GitHub's SSH & GPG key fingerprints intro: Public key fingerprints can be used to validate a connection to a remote server. redirect_from: - /articles/what-are-github-s-ssh-key-fingerprints @@ -12,6 +12,9 @@ versions: ghec: '*' shortTitle: SSH key fingerprints --- + +## SSH + These are {% data variables.product.prodname_dotcom %}'s public key fingerprints: {% data reusables.ssh.fingerprints %} @@ -21,3 +24,21 @@ You can add the following ssh key entries to your `~/.ssh/known_hosts` file to a {% data reusables.ssh.known_hosts %} For more information, see [AUTOTITLE](/rest/meta/meta#get-github-meta-information). + +## GPG + +> [!INFO] +> _The key expired in Sep. 2024. [It was updated](https://github.com/orgs/community/discussions/138304) and will be valid until Sep. 5, 2026._ + +Key ID is: + + 2C6106201985B60E6C7AC87323F3D4EA75716059 + +For cli/terminal verifications: + + 2C61 0620 1985 B60E 6C7A C873 23F3 D4EA 7571 6059 + +It is available at [https://cli.github.com/packages/githubcli-archive-keyring.gpg](https://cli.github.com/packages/githubcli-archive-keyring.gpg) and on the following keyservers: + +1. `keys.openpgp.org` +2. `keyserver.ubuntu.com` From b153e1d1b193ce5dc61b8df393a6bfd55dce80c4 Mon Sep 17 00:00:00 2001 From: Marcelo Almeida <2532492+marcelocra@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:05:16 -0300 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../githubs-ssh-key-fingerprints.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md index 030f851732a0..ed47aa3e4605 100644 --- a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md +++ b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md @@ -10,7 +10,7 @@ redirect_from: versions: fpt: '*' ghec: '*' -shortTitle: SSH key fingerprints +shortTitle: SSH & GPG key fingerprints --- ## SSH @@ -27,13 +27,17 @@ For more information, see [AUTOTITLE](/rest/meta/meta#get-github-meta-informatio ## GPG -> [!INFO] +This GPG key is used to sign {% data variables.product.prodname_cli %} archive and package releases (for example, Debian and RPM repositories served from `cli.github.com`). It is not used by {% data variables.product.prodname_dotcom %} to sign commits or releases in the web UI. +> [!IMPORTANT] > _The key expired in Sep. 2024. [It was updated](https://github.com/orgs/community/discussions/138304) and will be valid until Sep. 5, 2026._ -Key ID is: +Fingerprint is: 2C6106201985B60E6C7AC87323F3D4EA75716059 +Key ID is: + + 23F3D4EA75716059 For cli/terminal verifications: 2C61 0620 1985 B60E 6C7A C873 23F3 D4EA 7571 6059 From c0f1fe530f8ee5a2d53c2a6e0b9dba7d23460d3f Mon Sep 17 00:00:00 2001 From: Marcelo Almeida <2532492+marcelocra@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:07:08 -0300 Subject: [PATCH 3/4] refactor: Add newline --- .../githubs-ssh-key-fingerprints.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md index ed47aa3e4605..cf3ca9e5804d 100644 --- a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md +++ b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md @@ -28,6 +28,7 @@ For more information, see [AUTOTITLE](/rest/meta/meta#get-github-meta-informatio ## GPG This GPG key is used to sign {% data variables.product.prodname_cli %} archive and package releases (for example, Debian and RPM repositories served from `cli.github.com`). It is not used by {% data variables.product.prodname_dotcom %} to sign commits or releases in the web UI. + > [!IMPORTANT] > _The key expired in Sep. 2024. [It was updated](https://github.com/orgs/community/discussions/138304) and will be valid until Sep. 5, 2026._ From 3723aaf9e2b9be816c898a646ed615334e8051bd Mon Sep 17 00:00:00 2001 From: Marcelo Almeida <2532492+marcelocra@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:09:14 -0300 Subject: [PATCH 4/4] refactor: Add newline --- .../githubs-ssh-key-fingerprints.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md index cf3ca9e5804d..903e29d5e0fd 100644 --- a/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md +++ b/content/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.md @@ -39,6 +39,7 @@ Fingerprint is: Key ID is: 23F3D4EA75716059 + For cli/terminal verifications: 2C61 0620 1985 B60E 6C7A C873 23F3 D4EA 7571 6059