mirror of synced 2026-01-05 12:07:35 -05:00
docs/content/authentication/keeping-your-account-and-data-secure/sudo-mode.md

title: Sudo mode
intro: To confirm access to your account before you perform a potentially sensitive action, {% data variables.product.product_location %} prompts for authentication.
redirect_from:
  • /articles/sudo-mode
  • /github/authenticating-to-github/sudo-mode
  • /github/authenticating-to-github/keeping-your-account-and-data-secure/sudo-mode
versions: fpt: *, ghes: *, ghec: *
miniTocMaxHeadingLevel: 3
topics:
  • Identity
  • Access management

About sudo mode

To maintain the security of your account when you perform a potentially sensitive action on {% data variables.product.product_location %}, you must authenticate even though you're already signed in. For example, {% data variables.product.company_short %} considers the following actions sensitive because each action could allow a new person or system to access your account.

  • Modification of an associated email address
  • Authorization of a third-party application
  • Addition of a new SSH key

After you authenticate to perform a sensitive action, your session is temporarily in "sudo mode." In sudo mode, you can perform sensitive actions without authenticating again. {% data variables.product.product_name %} will wait a few hours before prompting you for authentication again. During this time, any sensitive action that you perform will reset the timer.
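The sliding timer described above can be modeled as a session gate. This is an added sketch, not GitHub's implementation: the 2-hour window stands in for "a few hours", and `Session`, `ReauthRequired`, `replay`, the user name and the timeline are hypothetical names and constructed data.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the page only says "a few hours"; 2 hours is a placeholder value.
SUDO_WINDOW = 2 * 60 * 60  # seconds


class ReauthRequired(Exception):
    """A sensitive action was attempted outside sudo mode."""


@dataclass
class Session:
    user: str
    sudo_expires_at: Optional[float] = None  # None until access is confirmed

    def in_sudo_mode(self, now: float) -> bool:
        return self.sudo_expires_at is not None and now < self.sudo_expires_at

    def confirm_access(self, credential_ok: bool, now: float) -> None:
        """Enter sudo mode after a successful password, 2FA or security key check."""
        if not credential_ok:
            raise ReauthRequired("credential rejected")
        self.sudo_expires_at = now + SUDO_WINDOW

    def sensitive_action(self, name: str, now: float) -> str:
        if not self.in_sudo_mode(now):
            self.sudo_expires_at = None  # expired state is cleared, not reused
            raise ReauthRequired(name)
        self.sudo_expires_at = now + SUDO_WINDOW  # each sensitive action resets the timer
        return "allowed"


def replay(events: List[tuple]) -> List[str]:
    """Replay (hours, action) pairs; report which ones trigger a prompt."""
    session, outcomes = Session("octocat"), []
    for hours, action in events:
        now = hours * 3600
        try:
            outcomes.append(session.sensitive_action(action, now))
        except ReauthRequired:
            outcomes.append("prompt")
            session.confirm_access(credential_ok=True, now=now)  # user re-authenticates
    return outcomes


# Constructed timeline: hours since sign-in, action attempted.
TIMELINE = [(0.0, "add SSH key"), (0.1, "add SSH key"), (1.5, "authorize app"),
            (3.0, "change email"), (5.5, "add SSH key")]

if __name__ == "__main__":
    print(replay(TIMELINE))
```

The action at 3.0 hours is allowed only because the action at 1.5 hours reset the timer. With a fixed window measured from the first confirmation, it would have prompted.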

{% ifversion ghes %}

{% note %}

Note: If {% data variables.product.product_location %} uses an external authentication method like CAS or SAML SSO, you will not receive prompts to enter sudo mode. For more information, contact your site administrator.

{% endnote %}

{% endif %}

"sudo" is a reference to a program on Unix systems, where the name is short for "superuser do." For more information, see sudo on Wikipedia.

Confirming access for sudo mode

To confirm access for sudo mode, you {% ifversion totp-and-mobile-sudo-challenge %}can{% else %}must{% endif %} authenticate with your password.{% ifversion totp-and-mobile-sudo-challenge %} Optionally, you can use a different authentication method, like {% ifversion fpt or ghec %}a security key, {% data variables.product.prodname_mobile %}, or a 2FA code{% elsif ghes %}a security key or a 2FA code{% endif %}.{% endif %}

{% ifversion totp-and-mobile-sudo-challenge %}

Confirming access using a security key

To confirm access to your account for sudo mode using a security key, you must configure two-factor authentication (2FA) for your account using a security key. For more information, see "Configuring two-factor authentication."

When prompted to authenticate for sudo mode, click Use security key, then follow the prompts.

Screenshot of security key option for sudo mode

{% ifversion fpt or ghec %}

Confirming access using {% data variables.product.prodname_mobile %}

You must install and sign in to {% data variables.product.prodname_mobile %} to confirm access to your account for sudo mode using the app. For more information, see "{% data variables.product.prodname_mobile %}."

  1. When prompted to authenticate for sudo mode, click Use GitHub Mobile.

    Screenshot of {% data variables.product.prodname_mobile %} option for sudo mode

  2. Open {% data variables.product.prodname_mobile %}. {% data variables.product.prodname_mobile %} will display numbers that you must enter on {% data variables.product.product_location %} to approve the request.

    Screenshot of numbers from {% data variables.product.prodname_mobile %} to enter on {% data variables.product.product_name %} to approve sudo mode access

  3. On {% data variables.product.product_name %}, type the numbers displayed in {% data variables.product.prodname_mobile %}.

{% endif %}

Confirming access using a 2FA code

To confirm access to your account for sudo mode using a 2FA code, you must configure 2FA using a TOTP mobile app{% ifversion fpt or ghec %} or text messages{% endif %}. For more information, see "Configuring two-factor authentication."

When prompted to authenticate for sudo mode, type the authentication code from your TOTP mobile app{% ifversion fpt or ghec %} or the text message{% endif %}, then click Verify.

Screenshot of 2FA code prompt for sudo mode

Confirming access using your password

{% endif %}

When prompted to authenticate for sudo mode, type your password, then click Confirm.

Screenshot of password prompt for sudo mode