GitHub introduces new requirements for connecting to Git remotely

GitHub has announced changes intended to strengthen the security of the Git protocol used for git push and git pull over SSH and over the "git://" scheme (access via https:// is not affected). Once the changes take effect, connecting to GitHub over SSH will require at least OpenSSH 7.2 (released in 2016) or PuTTY 0.75 (released this May), the versions that introduced support for RSA signatures with SHA-2 (rsa-sha2-256/512). This breaks compatibility with the SSH clients shipped in CentOS 6 and Ubuntu 14.04, both of which are already out of support.

The changes come down to dropping unencrypted access to Git (the "git://" scheme) and tightening the requirements for the SSH keys and algorithms used when accessing GitHub. GitHub will stop accepting DSA (ssh-dss) keys and the legacy SSH algorithms: the CBC ciphers (aes256-cbc, aes192-cbc, aes128-cbc) and HMAC-SHA-1 MACs. In addition, newly added RSA keys must be used with SHA-2 signatures (the SHA-1-based "ssh-rsa" signature scheme will no longer be accepted for them), and ECDSA and Ed25519 host keys will be added alongside the existing RSA host key.

The changes are being rolled out in stages. On September 14, the new ECDSA and Ed25519 host keys will be generated. From November 2, RSA keys added to an account after that date will only work with SHA-2 signatures (keys uploaded earlier will continue to accept SHA-1 signatures). On November 16, DSA user keys will stop being accepted. On January 11, 2022, support for the legacy algorithms and for unencrypted git:// access will be disabled temporarily, as a brownout that lets affected users notice before the cutoff. On March 15, 2022, the legacy algorithms and git:// will be disabled permanently.

Separately, the OpenSSH codebase has changed its default to disable the "ssh-rsa" signature scheme, i.e. RSA signatures computed with the SHA-1 hash (shipped in OpenSSH 8.8). RSA keys themselves continue to work: the rsa-sha2-256 and rsa-sha2-512 signature schemes, which use the same keys with SHA-256 and SHA-512, remain enabled. The change is motivated by the falling cost of chosen-prefix collision attacks on SHA-1 (estimated at under 50 thousand dollars). To check whether a server you connect to still depends on ssh-rsa, try connecting with the "-oHostKeyAlgorithms=-ssh-rsa" option; if the connection then fails during host key negotiation, the server only offers ssh-rsa host key signatures. That option only exercises host key signatures; to check whether your own user key is being used with ssh-rsa, connect with "-oPubkeyAcceptedAlgorithms=-ssh-rsa" (OpenSSH 8.5 and later; older releases call the option PubkeyAcceptedKeyTypes) and see whether public key authentication still succeeds.
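As an added example (not code from GitHub, OpenSSH or OpenNET), the following script audits a set of OpenSSH public-key lines and a client version banner against the policy described above: it parses the key blob's wire format to confirm the declared key type matches the embedded one, flags DSA keys as rejected, notes which RSA keys require SHA-2 signatures, checks that the client is at least OpenSSH 7.2, and lists retired ciphers, MACs and key types among those a client or server offers (for instance the output of `ssh -Q cipher`). The sample keys are constructed in the script from hand-made wire-format fields, so they are not usable keys, and the November 2 cutoff flag is passed in by the caller rather than looked up from GitHub.

```python
"""Audit SSH keys, client version and algorithm lists against GitHub's
2021/2022 SSH policy. Added example; sample data below is constructed."""
import base64
import re
import struct

# Policy taken from the article's timeline.
RETIRED_KEY_TYPES = {"ssh-dss"}                                  # gone 2021-11-16
RETIRED_CIPHERS = {"aes256-cbc", "aes192-cbc", "aes128-cbc"}     # gone 2022-03-15
RETIRED_MACS = {"hmac-sha1", "hmac-sha1-96"}                     # both HMAC-SHA-1
MIN_OPENSSH = (7, 2)                                             # first with rsa-sha2


def read_ssh_string(blob, offset):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated string")
    return blob[offset:offset + length], offset + length


def parse_public_key(line):
    """Parse an OpenSSH public-key line: 'type base64blob [comment]'.

    The blob starts with its own type string; a mismatch with the declared
    type means the line was hand-edited or corrupted, so it is rejected.
    For ssh-rsa the modulus length in bits is also reported."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    embedded, off = read_ssh_string(blob, 0)
    embedded = embedded.decode("ascii")
    if embedded != declared:
        raise ValueError(f"declared type {declared!r} != embedded {embedded!r}")
    info = {"type": declared, "comment": " ".join(parts[2:])}
    if declared == "ssh-rsa":
        _e, off = read_ssh_string(blob, off)   # public exponent (mpint)
        n, off = read_ssh_string(blob, off)    # modulus (mpint)
        info["bits"] = int.from_bytes(n, "big").bit_length()
    return info


def is_well_formed(line):
    """True if the line parses and its declared/embedded types agree."""
    try:
        parse_public_key(line)
        return True
    except ValueError:
        return False


def assess_key(info, uploaded_after_cutoff):
    """Return (status, reason) for a parsed key under the GitHub policy.

    uploaded_after_cutoff: whether the key was added after 2021-11-02,
    which is when new RSA keys stop accepting SHA-1 (ssh-rsa) signatures."""
    t = info["type"]
    if t in RETIRED_KEY_TYPES:
        return "reject", "DSA keys not accepted after 2021-11-16"
    if t == "ssh-rsa":
        if uploaded_after_cutoff:
            return "ok", "requires rsa-sha2-256/512 signatures (OpenSSH >= 7.2)"
        return "ok", "pre-cutoff key; ssh-rsa (SHA-1) signatures still accepted"
    if t == "ssh-ed25519" or t.startswith("ecdsa-sha2-"):
        return "ok", "unaffected"
    return "unknown", f"key type {t} not covered by the policy"


def audit_keys(lines, uploaded_after_cutoff):
    """Assess every key line; returns [(comment, status, reason), ...]."""
    out = []
    for line in lines:
        info = parse_public_key(line)
        status, reason = assess_key(info, uploaded_after_cutoff)
        out.append((info["comment"], status, reason))
    return out


def openssh_version(banner):
    """(major, minor) from 'ssh -V' output or an SSH banner, else None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def client_supports_sha2_rsa(banner):
    """True if the client is new enough to sign with rsa-sha2-256/512."""
    v = openssh_version(banner)
    return v is not None and v >= MIN_OPENSSH


def retired_algorithms(offered):
    """Names among 'offered' (e.g. from ssh -Q cipher/mac/key) GitHub retires."""
    return sorted(set(offered) & (RETIRED_CIPHERS | RETIRED_MACS | RETIRED_KEY_TYPES))


def build_key_line(key_type, *fields, comment="constructed"):
    """Assemble a public-key line from wire-format fields (test data only)."""
    blob = b"".join(struct.pack(">I", len(f)) + f
                    for f in (key_type.encode(),) + fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample keys: Ed25519 (32-byte point), RSA (e=65537, 2048-bit
# modulus with a leading zero byte as mpint rules require), DSA (p, q, g, y).
SAMPLE_KEYS = [
    build_key_line("ssh-ed25519", b"\x01" * 32, comment="laptop"),
    build_key_line("ssh-rsa", b"\x01\x00\x01", b"\x00\x80" + b"\x00" * 255, comment="ci"),
    build_key_line("ssh-dss", b"\x07", b"\x05", b"\x02", b"\x03", comment="old-server"),
]

if __name__ == "__main__":
    for comment, status, reason in audit_keys(SAMPLE_KEYS, uploaded_after_cutoff=True):
        print(f"{comment:12} {status:8} {reason}")
    print(retired_algorithms(["aes128-ctr", "aes256-cbc", "hmac-sha1", "hmac-sha2-256"]))
```

Run it against real `~/.ssh/*.pub` or `authorized_keys` lines instead of SAMPLE_KEYS to find DSA keys before November 16, and feed `ssh -Q cipher`, `ssh -Q mac` and `ssh -Q key` output to retired_algorithms to see which legacy names a client still offers; a non-empty result is harmless on its own, since GitHub simply will not negotiate them, but it is a useful hint that a hardened ssh_config is overdue.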

Source: opennet.ru