The following typographical conventions are used in SSH Communications Security documentation:
Table 1.1. Documentation conventions
| Convention | Usage | Example |
|---|---|---|
| Bold | Menus, commands, GUI elements, strong emphasis | Click Apply |
| → | Series of menu selections | Select File → Save |
|  | Filenames, directories, URLs etc. | Refer to |
| Italics | Placeholder values in examples, reference to other documents or products, emphasis | See the Tectia SSH Client User Manual |
| # | In front of a command, # indicates that the command is run as a privileged user. |  |
| $ | In front of a command, $ indicates that the command is run as a non-privileged user. |  |
| OS#, OS$ | In front of a command, OS# or OS$ indicates that the command is specific to certain operating systems. Multiple operating systems are separated with a /. |  |
| \ | At the end of a line in a command, \ indicates that the command continues on the next line, but there was not enough space to show it on one line. |  |
A Note indicates neutral or positive information that emphasizes or supplements important points of the main text. A Note supplies information that may apply only in special cases (for example, memory limitations, equipment configurations, or specific versions of a program).
A Caution advises users that failure to take or to avoid a specified action could result in loss of data.
The following terms are used throughout the documentation.
Authorizer
The Authorizer creates certificates with users' roles as needed for users connecting to target hosts.
certificate
A certificate is a signed document that binds together the trusted issuer and subject information such as the public key, subject name, list of principals (role memberships), and information about access restrictions. Certificates on PrivX are short term, issued by the Authorizer, and verifiable using the Authorizer public key.
directory (in UI)
A directory in the PrivX UI refers to a source of user accounts, for example, an AD/LDAP directory.
host service
Services by which PrivX users establish connections: SSH servers, RDP servers, and Web-login pages.
host store
Host stores save host information, such as addresses, SSH/RDP services, and target-user-to-role mappings. Host stores also import hosts from existing directories.
known host
When the connection information of a host is stored in PrivX, that host is considered a known host. Known hosts enable PrivX features including passwordless and certificate-based connections.
local user directory
Local user directory provides an easy way to create local users for authentication and role mapping. Authentication is done via username or email, and a password.
SSH and RDP clients supported by users' operating systems, such as OpenSSH client (ssh) or Remote Desktop client (mstsc).
OAuth2 service
The OAuth2 service provides an authentication mechanism by which a user supplies a username and password; it validates the given credentials against the PrivX Local User Store and authentication providers such as LDAP and AD.
principal
Principals are unique identities used in OpenSSH certificates, such as user names or the UUIDs of PrivX roles.
PrivX deployment
PrivX servers using the same database. A PrivX deployment consists of one or more PrivX servers.
PrivX user
Any user account that is available via PrivX. Includes both PrivX local users and users from AD/LDAP directories that have been added to PrivX.
An RDP server to which PrivX users can connect.
See also target.
role
PrivX provides role-based access permissions: for a user to receive access permissions, they must be assigned to a role. Each role in the system has a unique principal (UUID) that represents the role in certificates and target host configurations.
role store
In PrivX, the role store integrates with user directories and identity providers, for example LDAP and AD. The role store contains rules which are evaluated to automatically map existing LDAP/AD user groups and roles into PrivX roles, which are in turn used to access target hosts.
An SSH server to which PrivX users can connect.
See also target.
target
An identity and a host service that PrivX user(s) may connect to (for example, connecting to a host as root using SSH).
PrivX regards each unique identity-service combination as a separate target. For example, connecting to a host as root using SSH is different from connecting to the host as root using RDP.
See also host service, target host and target user.
target host
Any destination host for a connection that has been authenticated/authorized using PrivX. In other words, any host to which access is granted using PrivX.
target user
The identity that PrivX users assume on target hosts.
A website to which PrivX users can connect.
See also target.
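The certificate, principal and role entries above describe how a short-term OpenSSH certificate carries a role UUID as a principal that target hosts recognise. As an added example, not PrivX's or OpenSSH's own code, the Python below builds a constructed, unsigned certificate blob in the OpenSSH certificate wire format, parses it back, and applies the checks a target host makes after the signature has been verified with the Authorizer public key (that signature verification is assumed done beforehand and is not performed here). The role UUID, key id and key bytes are constructed sample values.

```python
import struct

def _s(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def build_cert(pubkey, key_id, principals, valid_after, valid_before, ca_pub):
    """Constructed ssh-ed25519-cert-v01@openssh.com blob; the signature field is left empty."""
    return (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\0" * 32) + _s(pubkey)
            + struct.pack(">QI", 1, 1)                          # serial, type 1 = user cert
            + _s(key_id.encode())
            + _s(b"".join(_s(p.encode()) for p in principals))  # list of principals
            + struct.pack(">QQ", valid_after, valid_before)     # validity window (epoch secs)
            + _s(b"") + _s(b"") + _s(b"")                       # critical opts, extensions, reserved
            + _s(ca_pub) + _s(b""))                             # signing (CA) key, signature

def _read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(blob):
    """Decode the fields a target host needs: type, key id, principals, validity, CA key."""
    cert_type, off = _read_string(blob, 0)
    _nonce, off = _read_string(blob, off)
    _pubkey, off = _read_string(blob, off)
    _serial, ctype = struct.unpack_from(">QI", blob, off)
    off += 12
    key_id, off = _read_string(blob, off)
    plist, off = _read_string(blob, off)
    principals, p = [], 0
    while p < len(plist):                                       # nested list of SSH strings
        name, p = _read_string(plist, p)
        principals.append(name.decode())
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    off += 16
    for _ in range(3):                                          # skip critical opts, extensions, reserved
        _, off = _read_string(blob, off)
    ca_pub, _ = _read_string(blob, off)
    return {"type": cert_type.decode(), "user_cert": ctype == 1, "key_id": key_id.decode(),
            "principals": principals, "valid_after": valid_after,
            "valid_before": valid_before, "ca_pub": ca_pub}

def authorized(cert, trusted_ca, allowed_principals, now):
    """Target-host policy after signature verification (assumed done, not performed here):
    issuer key is the trusted Authorizer key, it is a user certificate, the short validity
    window covers 'now', and a certificate principal (e.g. a role UUID) is allowed for the target user."""
    return (cert["ca_pub"] == trusted_ca and cert["user_cert"]
            and cert["valid_after"] <= now < cert["valid_before"]
            and bool(set(cert["principals"]) & set(allowed_principals)))
```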