About sudo mode
To maintain the security of your account when you perform a potentially sensitive action on your GitHub Enterprise Server instance, you must authenticate even though you're already signed in. For example, GitHub considers the following actions sensitive because each action could allow a new person or system to access your account.
- Modification of an associated email address
- Authorization of a third-party application
- Addition of a new SSH key
- Creation of a PAT or application
After you authenticate to perform a sensitive action, your session is temporarily in "sudo mode." In sudo mode, you can perform sensitive actions without authentication. GitHub Enterprise Server has a two-hour session timeout period before prompting you for authentication again. During this time, any sensitive action that you perform will reset the timer.
Note: If your GitHub Enterprise Server instance uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator.
"sudo" is a reference to a program on Unix systems, where the name is short for "superuser do." For more information, see sudo on Wikipedia.
Confirming access for sudo mode
To confirm access for sudo mode, you can authenticate with your password. Optionally, you can use a different authentication method, like a security key or a 2FA code.
- Confirming access using a security key
- Confirming access using a 2FA code
- Confirming access using your password
Confirming access using a security key
You must configure two-factor authentication (2FA) for your account using a security key to confirm access to your account for sudo mode using the security key. For more information, see "Configuring two-factor authentication."
When prompted to authenticate for sudo mode, click Use security key, then follow the prompts.
Confirming access using a 2FA code
You must configure 2FA using a TOTP mobile app to confirm access to your account for sudo mode using a 2FA code. For more information, see "Configuring two-factor authentication."
When prompted to authenticate for sudo mode, type the authentication code from your TOTP mobile app, then click Verify.
Confirming access using your password
When prompted to authenticate for sudo mode, type your password, then click Confirm.