I got the following from Github after their benign hacker incident:
Please audit your SSH keys
On Sunday March 4, 2012 a security vulnerability related to SSH keys (public keys) was discovered. For your protection and to prevent unauthorized access we have disabled your public keys until you approve them.
They want me to audit my SSH keys (a simple process). First, find your public key that you use on GitHub (probably in your .ssh directory if you are using a Mac). Then get its fingerprint. Here’s how you do that on a Mac:
Trinity:~ kelvin$ ls -l .ssh/id_rsa* -rw------- 1 kelvin staff 1743 Sep 11 2009 .ssh/id_rsa -rw-r--r-- 1 kelvin staff 400 Sep 11 2009 .ssh/id_rsa.pub Trinity:~ kelvin$ ssh-keygen -lf .ssh/id_rsa 2048 XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX .ssh/id_rsa.pub (RSA) Trinity:~ kelvin$
Using ssh-keygen you can get the fingerprint from your private key filename (it will look for your public key for you). That long list of “XX:XX” things will be a hexadecimal number that matches the key fingerprint at the bottom of the GitHub SSH audit page. If it doesn’t match then either Egor hacked you or you might have used a different key (keep looking!).