Article version: GitHub.com

About SSH certificate authorities

Support for SSH certificate authorities is available with GitHub Enterprise Cloud and GitHub Enterprise Server 2.18+. For more information, see "GitHub's products."

With an SSH certificate authority, your organization or enterprise account can provide SSH certificates that members can use to access your resources with Git.

An SSH certificate is a mechanism for one SSH key to sign another SSH key. If you use an SSH certificate authority (CA) to provide your organization members with signed SSH certificates, you can add the CA to your enterprise account or organization to allow organization members to use their certificates to access organization resources. For more information, see "Managing your organization's SSH certificate authorities."

After you add an SSH CA to your organization or enterprise account, you can use the CA to sign client SSH certificates for organization members. Organization members can use the signed certificates to access your organization's repositories (and only your organization's repositories) with Git. You can require that members use SSH certificates to access organization resources. For more information, see "Enforcing security settings for organizations in your enterprise account."

For example, you can build an internal system that issues a new certificate to your developers every morning. Each developer can use their daily certificate to work on your organization's repositories on GitHub. At the end of the day, the certificate can automatically expire, protecting your repositories if the certificate is later compromised.

When you issue each certificate, you must include an extension that specifies which GitHub user the certificate is for. For example, you can use OpenSSH's ssh-keygen command, replacing KEY-IDENTITY with your key identity and USERNAME with a GitHub username:

ssh-keygen -s ./ca-key -I KEY-IDENTITY -O extension:login@github.com=USERNAME ./user-key.pub
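
The daily-certificate workflow described above can be sketched as follows. This is an added example, not GitHub's own tooling: it signs a user key with a one-day validity window and the login extension, then refuses to hand out a certificate that never expires or lacks the extension. The function names, the `+1d` validity, the key identity `dev-laptop-2024` and the username `octocat` are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: issue a short-lived user certificate and check it before use.
# Key paths, key identity and username are constructed placeholders.

# issue_cert CA_KEY USER_PUBKEY KEY_IDENTITY GITHUB_USERNAME [VALIDITY]
# Signs USER_PUBKEY with CA_KEY; ssh-keygen writes <name>-cert.pub beside it.
issue_cert() {
    local ca_key="$1" user_pub="$2" identity="$3" login="$4"
    local validity="${5:-+1d}"   # assumed "daily" lifetime: now until now + 1 day
    ssh-keygen -q -s "$ca_key" -I "$identity" \
        -V "$validity" \
        -O "extension:login@github.com=$login" \
        "$user_pub"
}

# check_cert CERT_FILE
# Succeeds only if the certificate expires and carries the login extension.
check_cert() {
    local details
    details=$(ssh-keygen -L -f "$1") || return 1
    if printf '%s\n' "$details" | grep -q 'Valid: forever'; then
        echo "reject: certificate never expires" >&2
        return 1
    fi
    if ! printf '%s\n' "$details" | grep -q 'login@github.com'; then
        echo "reject: missing login@github.com extension" >&2
        return 1
    fi
}

# demo: build a throwaway CA and user key in a temp dir, then issue and check.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N '' -C 'demo CA' -f "$dir/ca-key"
    ssh-keygen -q -t ed25519 -N '' -C 'demo user' -f "$dir/user-key"
    issue_cert "$dir/ca-key" "$dir/user-key.pub" "dev-laptop-2024" "octocat" &&
        check_cert "$dir/user-key-cert.pub" &&
        ssh-keygen -L -f "$dir/user-key-cert.pub"
    local rc=$?
    rm -rf "$dir"
    return $rc
}

# Run the demo only when the script is invoked with the argument "demo".
if [ "${1:-}" = "demo" ]; then demo; fi
```

Running the script with the argument `demo` prints the certificate details, where the `Valid:` line shows the one-day window and `login@github.com` appears under `Extensions:`.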

Organization members can use their signed certificates for authentication even if you've enforced SAML single sign-on. Unless you make SSH certificates a requirement, organization members can continue to use other means of authentication to access your organization's resources with Git, including their username and password, personal access tokens, and their own SSH keys.
