EZSSH Helps you protect your code hosted in GitHub by removing the non-expiring ssh keys from the equation. Instead using your secure corporate identity to authenticate the engineers and issuing a short term SSH certificate that can be used to authenticate with GitHub.
In the settings page, make sure that GitHub Certificates are enabled for your subscription.
Enter the length in hours that you want your developers certificates to last (This is how ofter the engineer has to get a new certificate). Note: In Keytos we have it set to 8 hours so our engineers only request access once a day
Copy the CA Key and save it somewhere or leave this tab open. You will need it when setting up your GitHub Enterprise Security
When using GitHub Enterprise, you might let your engineers use their personal GitHub identity by linking it to your organization and their SAML Identity. To Give EZSSH Access to that mapping information, the following steps are needed:
1) Create GitHub Access Token
First we have to create a GitHub access token. To get started, go to https://github.com and login with an account that is an owner of the organization.
On the top right, click on your profile picture and then click on settings.
Then Click on Developer Settings.
Click on the “Personal access tokens” section.
Click the “Generate new token” button.
Enter a name for the token. For Example “EZSSH User Mapping”
Select following Scopes:
Click the “Generate token” button.
Copy your token (you will need it for part two).
Enabling the token for SSO
If your organization uses SSO, you will have to grant SSO Access to your token.
Click the “Enable SSO” button.
Authenticate with your SSO Identity.
2) Add Mapping Information to EZSSH
Once you have created your GitHub token, go to the EZSSH Portal, login with an account that owns the subscription that generates the GitHub certificates and go to settings.
Find the correct subscription in the settings page and expand the Advance Settings Tab.
Enable the “Map SAML Users to GitHub Users” option.