Granting Password-based root Access via Roles
This tutorial shows you how to add a local user and grant that user password-based root access on a target host.
Key Concepts
- How to add users (Step 2)
- How to add roles (Step 3)
- How to map users to roles (Step 4)
- How to employ roles to grant access to target hosts (Steps 5-8)
- How to connect to target hosts (Steps 9-11)
Steps
1. Log in to PrivX as an admin user.
2. Add a new local user via Settings -> Users -> Add User.
   The added user is shown in the users list.
3. Add a new role via Settings -> Roles -> Add Role.
4. Map the user to the role. Our local example user ttester is mapped to the role Root for ttester via his username, using the corresponding search string (principal=ttester). Note the Matching users: 1 indicator at the top right.
   The role is shown in the roles list.
5. On Settings -> Hosts, click the menu icon -> Edit on the host you want to allow connections to.
6. Click Add Service to add the necessary services on the target host. In this example we add a service of type SSH and check the Trust on first use option.
7. Click Add Account to map the role Root for ttester onto the root account of this target host. Note that you need to know the root account password to complete this step.
8. Click Save to save the changes to services and accounts.
9. To verify target host connectivity, log out as the admin user and log in as ttester.
10. On Connections -> Available hosts, click the address of the desired target host to initiate the connection.
11. User ttester is granted root access on the target host. The root account password need not be shared with ttester, and the secret remains safe.