GitHub Enterprise integration
You can use PrivX to authenticate git
commands toward GitHub Enterprise.
High-level setup steps include:
- Configuring GitHub Enterprise to accept certificate authentication from PrivX.
- Enabling bastion connections via ProxyCommand, for providing automatic authentication against PrivX.
- Adding GitHub Enterprise as a connection target to PrivX.
To enable certificate authentication from PrivX to GitHub Enterprise:
Set up GitHub Enterprise to accept certificate authentication from PrivX. To do this, configure the following in your GitHub Enterprise:
Configure your organisation to accept certificate-authentication requests.
Set the PrivX CA certificate as a trusted CA key.
To obtain the PrivX CA certificate, go to the PrivX GUI Administration→Deployment→Deploy and Configure SSH target hosts, then select Configure manually, and copy the PrivX CA certificate from step 5 on that page.
Add a new PrivX role to provide GitHub access to users. To do this, go to the PrivX GUI Administration→Roles and click Add Role.
For all PrivX users who need access to GitHub Enterprise:
Add the user to the new role.
Enable the user to connect via PrivX SSH Bastion using ProxyCommand, as described in Connecting Directly Using ProxyCommand.
Add your GitHub host as a connection target. To do this, go to the PrivX GUI at Administration→Hosts and click Add Host.
Enter your GitHub-host address (use
github.com
for GitHub Enterprise Cloud) and host key. For the Certificate template, choose GitHub Enterprise:Add an account to the host, with the following criteria:
- Account type: Explicit.
- Username: The id of your organisation.
- Password: Leave empty to use certificate authentication.
- Roles: Add your GitHub role.
The username is not the name of the GitHub organization, it is the organization id prefixed with "org-". The id should be visible in the organization dashboard, if it is not you can fetch it through the GitHub API. To achieve this, create a personal API token with read:org permission. After which you can fetch the id using
curl -H "Authorization: token [your token]" https://api.github.com/orgs/[your org name]
Save the host.
Test that the SSH connection via PrivX works:
ssh org-1234567@github.com
The command should result in output similar to the following:
PTY allocation request failed on channel 0 Hi jdoe! You've successfully authenticated, but GitHub does not provide shell access. Connection to github.com closed.
Start using Git:
git clone org-1234567@github.com:some-org-name/testrepo.git
The default GitHub Enterprise certificate template in PrivX uses windows username for GitHub authentication. For more information about customizing certificate templates, see SSH Certificate Templates.