GitHub Enterprise integration

You can use PrivX to authenticate git commands toward GitHub Enterprise.

High-level setup steps include:

To enable certificate authentication from PrivX to GitHub Enterprise:

  1. Set up GitHub Enterprise to accept certificate authentication from PrivX. To do this, configure the following in your GitHub Enterprise:

    • Configure your organisation to accept certificate-authentication requests.

    • Set the PrivX CA certificate as a trusted CA key.

      To obtain the PrivX CA certificate, go to the PrivX GUI Administration→Deployment→Deploy and Configure SSH target hosts, then select Configure manually, and copy the PrivX CA certificate from step 5 on that page.

  2. Add a new PrivX role to provide GitHub access to users. To do this, go to the PrivX GUI Administration→Roles and click Add Role.

  3. For all PrivX users who need access to GitHub Enterprise:

  4. Add your GitHub host as a connection target. To do this, go to the PrivX GUI at Administration→Hosts and click Add Host.

    Enter your GitHub-host address (use github.com for GitHub Enterprise Cloud) and host key. For the Certificate template, choose GitHub Enterprise:

    Add an account to the host, with the following criteria:

    • Account type: Explicit.
    • Username: The id of your organisation.
    • Password: Leave empty to use certificate authentication.
    • Roles: Add your GitHub role.

📘

Note

The username is not the name of the GitHub organization, it is the organization id prefixed with "org-". The id should be visible in the organization dashboard, if it is not you can fetch it through the GitHub API. To achieve this, create a personal API token with read:org permission. After which you can fetch the id using

curl -H "Authorization: token [your token]" https://api.github.com/orgs/[your org name]

Save the host.

  1. Test that the SSH connection via PrivX works:

    ssh [email protected]
    

    The command should result in output similar to the following:

    PTY allocation request failed on channel 0
    Hi jdoe! You've successfully authenticated, but GitHub does not provide shell access.
    Connection to github.com closed.
    

    Start using Git:

    git clone [email protected]:some-org-name/testrepo.git
    

    📘

    Note

    The default GitHub Enterprise certificate template in PrivX uses windows username for GitHub authentication. For more information about customizing certificate templates, see SSH Certificate Templates.


Did this page help you?