Pretty unsafe, I think. And you can't turn it off. https://rushter.com/blog/public-ssh-keys/<p>Links to APIs:<p>https://docs.github.com/en/rest/reference/users#list-public-keys-for-a-user<p>https://docs.gitlab.com/ee/api/users.html#list-ssh-keys-for-user
The article (2 years old) explains you could get someone's public keys from github and then compare them with other public keys (they mention on ssh servers) to see if a person is using the same key elsewhere.<p>The argument boils down to the fact that ssh will also give you a list of valid public keys.<p>It doesn't seem very critical to me, and anyone who is worried could just use a different key for github which is good practice anyway imo
Public key, by definition, is public. Exposing something that’s public can do very little harm.<p>Here is more discussion:<p><a href="https://security.stackexchange.com/questions/150540/is-it-completely-safe-to-publish-an-ssh-public-key" rel="nofollow">https://security.stackexchange.com/questions/150540/is-it-co...</a>