Garrett: We need better support for SSH host certificates

Public keys are public, though. https://github.com/geofft.keys lists all the keys that GitHub knows belongs to me, so anyone could "impersonate" GitHub to me if this were a thing the client tried to validate.

If you really wanted to go this route, you could add some additional secret that you create that GitHub has to prove to you - but this just goes further down the road of shared secrets, which Matthew is basically arguing is the whole problem here, and introduces symmetric crypto with inherent syncing problems. From experience at multiple sites that use Kerberos, which relies on symmetric crypto, key distribution is a giant pain and you basically need to copy private key material around when you have a fleet of servers load-balancing the same hostname, which puts you at immense risk of this sort of incident.

Instead, you want to lean harder on asymmetric crypto, add another layer of indirection, and have some sui-generis CA that signs the GitHub sshds, each one of which has its own key, and have the sshd send you the certificate and ask you to TOFU the CA's public key instead of the individual server's public key. Then each individual server can have its own keypair, the CA only needs to be brought online when provisioning a new server, and the only thing that needs to be sent across GitHub's internal network is public keys and public signatures of keys.