Doing a `git clone blah` on a fresh machine with a proper SSH credential means trying to authenticate the validity of the serving host at github.com.
This causes you to need to trust a fingerprint that in reality people in most cases don't actually verify, opening them up to man-in-the-middle attacks.
Solution
Ideally, we could re-use the same state management logic that lockstep has for keeping allow-listed firewall rules to also manage the allow-list for SSH hosts, enabling us to remove the manual step of verification and enabling us to avoid that initial prompt in the first place.
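
A sketch of the declarative reconcile proposed above, as an added example that is not lockstep's code or part of the original issue: a `known_hosts` file is brought in line with a pinned allow-list, and hosts outside the allow-list are left alone. The function names and the `PINNED` structure are hypothetical, and the key blobs are constructed placeholders; real pinned keys have to come from a trusted out-of-band source.

```python
import base64
import binascii
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    try:
        digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    except (binascii.Error, ValueError):
        return "unparseable-key"
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def reconcile(known_hosts, pinned):
    """Return (new_text, changes). pinned maps host -> {(keytype, key_b64)}.
    Hosts absent from pinned are left untouched, like unmanaged firewall rules."""
    kept, present = [], set()
    for line in known_hosts.splitlines():
        fields = line.split()
        # Comments, blanks, @cert-authority/@revoked markers and hashed names
        # (|1|...) pass through; hashed names are not matched in this sketch.
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            kept.append(line)
            continue
        names, entry = fields[0].split(","), (fields[1], fields[2])
        present.update((n, *entry) for n in names if n in pinned)
        others = [n for n in names if n not in pinned]
        if others:  # keep the entry for the unmanaged names only
            kept.append(" ".join([",".join(others), *fields[1:]]))
    desired = {(h, t, k) for h, keys in pinned.items() for t, k in keys}
    changes = [f"remove {h} {t} {fingerprint(k)}" for h, t, k in sorted(present - desired)]
    changes += [f"add {h} {t} {fingerprint(k)}" for h, t, k in sorted(desired - present)]
    kept += [f"{h} {t} {k}" for h, t, k in sorted(desired)]
    return "\n".join(kept) + "\n", changes

def _blob(label):
    """Constructed stand-in for a key blob; not a real host key."""
    return base64.b64encode(label.encode()).decode()

# Constructed sample data: one stale github.com entry sharing a line with an unmanaged host.
PINNED = {"github.com": {("ssh-ed25519", _blob("constructed-pinned-key"))}}
SAMPLE = (
    "# constructed known_hosts\n"
    f"github.com,example.internal ssh-ed25519 {_blob('constructed-stale-key')}\n"
    f"other.example ssh-rsa {_blob('constructed-other-key')}\n"
)

if __name__ == "__main__":
    text, changes = reconcile(SAMPLE, PINNED)
    print("\n".join(changes))
    print(text, end="")
```

Running the reconcile a second time on its own output reports no changes, which is the property a state-managed allow-list needs; with the pinned entry in place before the first connection, `ssh` has a key to compare against instead of prompting.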