GitHub Enterprise integration

You can use PrivX to authenticate git commands toward GitHub Enterprise.

High-level setup steps include:

To enable certificate authentication from PrivX to GitHub Enterprise:

  1. Set up GitHub Enterprise to accept certificate authentication from PrivX. To do this, configure the following in your GitHub Enterprise:

    • Configure your organisation to accept certificate-authentication requests.

    • Set the PrivX CA certificate as a trusted CA key.

      To obtain the PrivX CA certificate, go to the PrivX GUI Administration→Deployment→Deploy and Configure SSH target hosts, then select Configure manually, and copy the PrivX CA certificate from step 5 on that page.

  2. Add a new PrivX role to provide GitHub access to users. To do this, go to the PrivX GUI Administration→Roles and click Add Role.

  3. For all PrivX users who need access to GitHub Enterprise:

  4. Add your GitHub host as a connection target. To do this, go to the PrivX GUI at Administration→Hosts and click Add Host.

    Enter your GitHub-host address (use github.com for GitHub Enterprise Cloud) and host key. For the Certificate template, choose GitHub Enterprise:

    Add an account to the host, with the following criteria:

    • Account type: Explicit.
    • Username: The id of your organisation.
    • Password: Leave empty to use certificate authentication.
    • Roles: Add your GitHub role.

📘

Note

The username is not the name of the GitHub organization, it is the organization id prefixed with "org-". The id should be visible in the organization dashboard, if it is not you can fetch it through the GitHub API. To achieve this, create a personal API token with read:org permission. After which you can fetch the id using

curl -H "Authorization: token [your token]" https://api.github.com/orgs/[your org name]

Save the host.

  1. Test that the SSH connection via PrivX works:

    The command should result in output similar to the following:

    PTY allocation request failed on channel 0
    Hi jdoe! You've successfully authenticated, but GitHub does not provide shell access.
    Connection to github.com closed.
    

    Start using Git:

    git clone [email protected]:some-org-name/testrepo.git
    

    📘

    Note

    The default GitHub Enterprise certificate template in PrivX uses windows username for GitHub authentication. For more information about customizing certificate templates, see SSH Certificate Templates.