Why can't I get an rsa key fingerprint for GitHub instead of an ED25519 key fingerprint?

I'm starting a coding bootcamp pretty soon and in a tutorial they have given me they tell me to only accept an rsa key fingerprint of SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.

I keep getting an ED25519 key fingerprint of SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.

Does it really matter if I accept this instead of the rsa key fingerprint?



Solution 1:[1]

It used to be that GitHub offered only RSA and DSA keys as host keys. However, that changed recently, and GitHub now offers ECDSA and Ed25519 keys as well (and has removed the DSA key, since it's insecure). On a fresh system, the latest versions of OpenSSH will prefer the Ed25519 key over the RSA key, which is normal and fine.

The GitHub API meta endpoint lists both the correct fingerprints and the actual SSH keys themselves. From a cursory glance, you appear to have the correct fingerprint, but you can verify that by pasting the fingerprint from the API at the prompt.

There is no reason to force the use of an RSA key here, but if you really want to do so, you can run ssh -oHostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 -T git@github.com.

While in general, you should always verify the SSH key fingerprint, in this case, the fingerprint is correct but it's just a different key. You should let the maintainers of this tutorial know that their information is out of date and that they should update the documentation.
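The check described in the answer above, as an added example that is not part of the original answer: it computes the OpenSSH-style SHA256 fingerprint of a host key line and compares it with the published fingerprint for the same key type, since an Ed25519 key never matches an RSA fingerprint. The host name, key bytes and `PUBLISHED` values are constructed for illustration; the dictionary is only shaped like the `ssh_key_fingerprints` object of the meta endpoint, and `make_blob` and `check_host_key` are hypothetical helper names.

```python
import base64
import hashlib
import struct

# Key type in the host key line -> label in the meta endpoint's ssh_key_fingerprints
LABELS = {"ssh-ed25519": "SHA256_ED25519", "ssh-rsa": "SHA256_RSA",
          "ecdsa-sha2-nistp256": "SHA256_ECDSA"}

def make_blob(keytype, payload):
    """Build a minimal SSH wire-format key blob (constructed sample data only)."""
    name = keytype.encode("ascii")
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(payload)) + payload

def parse_host_key_line(line):
    """Parse '<host> <keytype> <base64 blob>' as printed by ssh-keyscan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed algorithm name; it must agree
    # with the text field, otherwise the line is malformed or mislabelled.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type field does not match key blob")
    return host, keytype, blob

def sha256_fingerprint(blob):
    """SHA256:<unpadded base64 of SHA-256 over the raw key blob>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def check_host_key(line, published):
    """Return (keytype, fingerprint, matches_published_value_for_that_type)."""
    _, keytype, blob = parse_host_key_line(line)
    fingerprint = sha256_fingerprint(blob)
    expected = published.get(LABELS.get(keytype, ""))
    return keytype, fingerprint, expected is not None and fingerprint == "SHA256:" + expected

# Constructed sample: not GitHub's real key or fingerprints.
SAMPLE_BLOB = make_blob("ssh-ed25519", bytes(range(32)))
SAMPLE_LINE = "host.example ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii")
PUBLISHED = {"SHA256_ED25519": sha256_fingerprint(SAMPLE_BLOB)[len("SHA256:"):],
             "SHA256_RSA": "constructed-placeholder-not-a-real-fingerprint"}

if __name__ == "__main__":
    print(check_host_key(SAMPLE_LINE, PUBLISHED))
```

With real data, the line would come from ssh-keyscan output and the dictionary from the meta endpoint fetched over HTTPS, so the comparison does not rely on the SSH connection being verified.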

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 bk2204