Commit 83eb6f4

Merge pull request #40840 from github/repo-sync
Repo sync
2 parents 74d1c98 + 876388e commit 83eb6f4

9 files changed

+581
-8
lines changed

content/admin/administering-your-instance/administering-your-instance-from-the-command-line/command-line-utilities.md

Lines changed: 89 additions & 0 deletions
@@ -16,6 +16,7 @@ topics:
1616
- Enterprise
1717
- SSH
1818
---
19+
1920
You can execute these commands from anywhere on the VM after signing in as an SSH admin user. For more information, see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh).
2021

2122
## General
@@ -140,6 +141,94 @@ This utility applies {% data variables.enterprise.management_console %} settings
140141
ghe-config-apply
141142
```
142143

144+
{% ifversion ghes > 3.18 %}
145+
146+
### ghe-crypto
147+
148+
This utility is used to verify and list {% data variables.enterprise.management_console %} `github-ssl` crypto settings for TLS and SSH connections.
149+
150+
The list of configurable `github-ssl` fields can be viewed via `ghe-crypto --help`.
151+
152+
#### Listing default cipher suites and algorithms
153+
154+
The `list` command returns default crypto settings for a given field. Use the `-o json` flag to output the results in JSON format.
155+
156+
To list TLS 1.2 cipher suites:
157+
158+
```shell
159+
ghe-crypto list tlsv12-ciphersuites
160+
```
161+
162+
To list TLS 1.3 cipher suites:
163+
164+
```shell
165+
ghe-crypto list tlsv13-ciphersuites
166+
```
167+
168+
To list SSH ciphers:
169+
170+
```shell
171+
ghe-crypto list ssh-ciphers
172+
```
173+
174+
To list SSH MAC algorithms:
175+
176+
```shell
177+
ghe-crypto list ssh-mac-algorithms
178+
```
179+
180+
To list SSH key exchange algorithms:
181+
182+
```shell
183+
ghe-crypto list ssh-kex-algorithms
184+
```
185+
186+
To list SSH signature types:
187+
188+
```shell
189+
ghe-crypto list ssh-signature-types
190+
```
191+
192+
Example output in JSON format:
193+
194+
```shell
195+
$ ghe-crypto list tlsv12-ciphersuites -o json
196+
> [
197+
> "ECDHE-ECDSA-AES128-GCM-SHA256",
198+
> "ECDHE-ECDSA-CHACHA20-POLY1305",
199+
> "ECDHE-ECDSA-AES256-GCM-SHA384",
200+
> "ECDHE-RSA-AES128-GCM-SHA256",
201+
> "ECDHE-RSA-CHACHA20-POLY1305",
202+
> "ECDHE-RSA-AES256-GCM-SHA384"
203+
> ]
204+
```
205+
206+
#### Checking cipher suites and algorithms
207+
208+
The `check` command validates a single line of crypto settings delimited by `,`. This is useful before applying configuration changes.
209+
210+
To check TLS 1.2 cipher suites:
211+
212+
```shell
213+
ghe-crypto check tlsv12-ciphersuites CIPHER1,CIPHER2,CIPHER3
214+
```
215+
216+
To check TLS 1.3 cipher suites:
217+
218+
```shell
219+
ghe-crypto check tlsv13-ciphersuites TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256
220+
```
221+
222+
To check SSH ciphers:
223+
224+
```shell
225+
ghe-crypto check ssh-ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
226+
```
227+
228+
For more information about configuring cipher suites and cryptographic algorithms, see [AUTOTITLE](/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls#configuring-cipher-suites-and-cryptographic-algorithms).
229+
230+
{% endif %}
231+
143232
### ghe-console
144233

145234
This utility opens the GitHub Rails console on your {% data variables.product.prodname_enterprise %} appliance. {% data reusables.command_line.use_with_support_only %}
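
Review bot: In the "Checking cipher suites and algorithms" section, `check` is shown only for `tlsv12-ciphersuites`, `tlsv13-ciphersuites` and `ssh-ciphers`, while the `list` section covers three more fields (`ssh-mac-algorithms`, `ssh-kex-algorithms`, `ssh-signature-types`); either add examples for those or state that `check` accepts every field that `list` does. The section also does not say what `check` prints or how it exits when an entry is rejected, which an admin needs in order to use it "before applying configuration changes"; a short example of a failing check would cover that. The TLS 1.2 example uses placeholders (`CIPHER1,CIPHER2,CIPHER3`) where the other two use real names; values from the JSON sample above, such as `ECDHE-ECDSA-AES128-GCM-SHA256`, would keep the three consistent. Finally, the intro says the utility lists `github-ssl` settings while the `list` paragraph says it returns default settings; clarify whether the output reflects the defaults or the currently applied configuration.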
