GitHub Enterprise integration

You can use PrivX to authenticate git commands toward GitHub Enterprise.

High-level setup steps include:

Configuring GitHub Enterprise to accept certificate authentication from PrivX.
Enabling bastion connections via ProxyCommand, for providing automatic authentication against PrivX.
Adding GitHub Enterprise as a connection target to PrivX.

To enable certificate authentication from PrivX to GitHub Enterprise:

Set up GitHub Enterprise to accept certificate authentication from PrivX. To do this, configure the following in your GitHub Enterprise:
- Configure your organisation to accept certificate-authentication requests.
- Set the PrivX CA certificate as a trusted CA key.
  To obtain the PrivX CA certificate, go to the PrivX GUI Administration→Deployment→Deploy and Configure SSH target hosts, then select Configure manually, and copy the PrivX CA certificate from step 5 on that page.
Add a new PrivX role to provide GitHub access to users. To do this, go to the PrivX GUI Administration→Roles and click Add Role.
For all PrivX users who need access to GitHub Enterprise:
- Add the user to the new role.
- Enable the user to connect via PrivX SSH Bastion using ProxyCommand, as described in Connecting Directly Using ProxyCommand.
Add your GitHub host as a connection target. To do this, go to the PrivX GUI at Administration→Hosts and click Add Host.
Enter your GitHub-host address (use github.com for GitHub Enterprise Cloud) and host key. For the Certificate template, choose GitHub Enterprise:
Add an account to the host, with the following criteria:
- Account type: Explicit.
- Username: The id of your organisation.
- Password: Leave empty to use certificate authentication.
- Roles: Add your GitHub role.

The username is not the name of the GitHub organization, it is the organization id prefixed with "org-". The id should be visible in the organization dashboard, if it is not you can fetch it through the GitHub API. To achieve this, create a personal API token with read:org permission. After which you can fetch the id using

curl -H "Authorization: token [your token]" https://api.github.com/orgs/[your org name]

Save the host.

Test that the SSH connection via PrivX works:

ssh org-1234567@github.com

The command should result in output similar to the following:

PTY allocation request failed on channel 0
Hi jdoe! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

Start using Git:

git clone org-1234567@github.com:some-org-name/testrepo.git

The default GitHub Enterprise certificate template in PrivX uses windows username for GitHub authentication. For more information about customizing certificate templates, see SSH Certificate Templates.