To keep your credentials secure, you should regularly review how long it's been since an authorized application accessed your GitHub Enterprise account. Similarly, you should remove any SSH keys that haven't been used recently.
Reviewing your authorized applications (OAuth)
Review your authorized applications to verify that no new applications with expansive permissions were authorized, such as those that have access to your private repositories.
In the top right corner of any page, click .
In the user settings sidebar, click Applications.
On the Applications Settings page, under Authorized Applications, review the tokens that have access to your account. For those that you don't recognize, or that are out-of-date, click Revoke. To revoke all tokens, click Revoke all.
Reviewing your SSH keys
Delete unauthorized (or possibly compromised) SSH keys to ensure that an attacker no longer has access to your repositories.
In the top right corner of any page, click .
In the user settings sidebar, click SSH keys.
On the SSH Settings page, take note of the SSH keys associated with your account. For those that you immediately don't recognize, or that are out-of-date, click Delete.
Open Terminal.
-
Start SSH agent in the background.
eval "$(ssh-agent -s)" # Agent pid 59566
-
Enter
ssh-add -l
and take note of the resulting fingerprints:ssh-add -l # 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
The SSH keys on GitHub Enterprise should match the same keys on your computer.
In the top right corner of any page, click .
In the user settings sidebar, click SSH keys.
On the SSH Settings page, take note of the SSH keys associated with your account. For those that you immediately don't recognize, or that are out-of-date, click Delete.
Open the command line.
-
Start SSH agent in the background.
ssh-agent -s # Agent pid 59566
-
Enter
ssh-add -l
and take note of the resulting fingerprints:ssh-add -l # 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
The SSH keys on GitHub Enterprise should match the same keys on your computer.
In the top right corner of any page, click .
In the user settings sidebar, click SSH keys.
On the SSH Settings page, take note of the SSH keys associated with your account. For those that you immediately don't recognize, or that are out-of-date, click Delete.
Open Terminal.
-
Start SSH agent in the background.
eval "$(ssh-agent -s)" # Agent pid 59566
-
Enter
ssh-add -l
and take note of the resulting fingerprints:ssh-add -l # 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
The SSH keys on GitHub Enterprise should match the same keys on your computer.
In the top right corner of any page, click .
In the user settings sidebar, click SSH keys.
On the SSH Settings page, take note of the SSH keys associated with your account. For those that you immediately don't recognize, or that are out-of-date, click Delete.
Open Terminal.
-
Start SSH agent in the background.
eval "$(ssh-agent -s)" # Agent pid 59566
-
Enter
ssh-add -l
and take note of the resulting fingerprints:ssh-add -l # 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
The SSH keys on GitHub Enterprise should match the same keys on your computer.
If you see an SSH key you're not familiar with on GitHub Enterprise, delete it immediately and contact your GitHub Enterprise site administrator for further help. An unidentified public key may indicate a possible security concern. For more information, see "Keeping your SSH keys safe."