This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2020-05-23. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Article version: Enterprise Server 2.17

Allowing admins to enable anonymous Git read access to public repositories

To simplify how custom tools work on your instance and bypass authentication requirements, you can allow repository administrators to enable anonymous Git read access to public repositories on your GitHub Enterprise Server instance.

Note: If you enable anonymous Git read access, you're responsible for all access and use of this feature. GitHub will not be responsible for any unintended access or misuse of the feature. Also, you may not use this feature to violate your license from GitHub, including the limit on the number of user licenses you've ordered from us.

If private mode is enabled, you can allow repository administrators to enable anonymous Git read access to public repositories on your GitHub Enterprise Server instance. For more information about private mode, see "Enabling private mode."

Allowing anonymous Git read access enables you to bypass authentication for custom tools on your instance. When you or a repository administrator enable this access setting for a repository, unauthenticated Git operations (and anyone with network access to GitHub Enterprise Server) will have read access to the repository without authentication.

You can also prevent repository administrators from changing anonymous Git access settings for all repositories or a specific repository on your GitHub Enterprise Server instance. For more information, see "Preventing users from changing anonymous Git read access."

To see the repositories with anonymous Git read access enabled, filter the repositories list in the site admin dashboard.

Notes:

  • You cannot change the Git read access settings for forked repositories since they inherit their access settings from the root repository by default.
  • If a public repository becomes private, then anonymous Git read access will automatically be disabled for that repository and it forks.
  • If a repository with anonymous authentication contains Git LFS assets, it will fail to download the Git LFS assets since they still require authentication. We strongly recommend not enabling anonymous Git read access for a repository with Git LFS assets.
  1. In the upper-right corner of any page, click .
    Rocketship icon for accessing site admin settings
  2. In the left sidebar, click Enterprise.
    Enterprise tab in the Site admin settings
  3. In the enterprise account sidebar, click Settings.
    Settings tab in the enterprise account sidebar
  4. Under " Settings", click Options.
    Options tab in the enterprise account settings sidebar
  5. Under "Anonymous Git read access", use the drop-down menu, and click Enabled.
    Anonymous Git read access drop-down menu showing menu options "Enabled" and "Disabled"
  6. Optionally, to prevent repository admins from changing anonymous Git read access settings in all repositories on your instance, select Prevent repository admins from changing anonymous Git read access.
    Select checkbox to prevent repository admins from changing anonymous Git read access settings for all repositories on your instance

Enabling anonymous Git read access for a specific repository

Notes:

  • You cannot change the Git read access settings for forked repositories since they inherit their access settings from the root repository by default.
  • If a public repository becomes private, then anonymous Git read access will automatically be disabled for that repository and it forks.
  • If a repository with anonymous authentication contains Git LFS assets, it will fail to download the Git LFS assets since they still require authentication. We strongly recommend not enabling anonymous Git read access for a repository with Git LFS assets.
  1. In the upper-right corner of any page, click .
    Rocketship icon for accessing site admin settings
  2. In the search field, type the name of the repository and click Search.
    Site admin settings search field
  3. In the search results, click the name of the repository.
    Site admin settings search options
  4. In the upper-right corner of the page, click Admin.
    Admin Tools
  5. In the left sidebar, click Admin.
    Admin Tools
  6. Under "Danger Zone", next to "Enable Anonymous Git read access", click Enable.
    "Enabled" button under "Enable anonymous Git read access" in danger zone of a repository's site admin settings
  7. Review the changes. To confirm, click Yes, enable anonymous Git read access.
    Confirm anonymous Git read access setting in pop-up window
  8. Optionally, to prevent repository admins from changing this setting for this repository, select Prevent repository admins from changing anonymous Git read access.
    Select checkbox to prevent repository admins from changing anonymous Git read access for this repository

Ask a human

Can't find what you're looking for?

Contact us