Supported Authentication Methods
PrivX users can authenticate to target hosts using one of the following methods.
Stored password
Users are authenticated using passwords stored in PrivX. Users do not need to input credentials when connecting.
Advantages: Easy to set up.
Disadvantages: Weak passwords may compromise security.
Certificate
Users are authenticated using just-in-time certificates. PrivX automatically issues certificates as needed; users do not need to input credentials when connecting.
Advantages: Certificates expire automatically and are never exposed to users, making this method the most secure option.
Disadvantages: Routers or older hardware might not support certificates. System times must be synchronized for certificate-based authentication to work correctly.
Public key
Users are authenticated using public keys provided by PrivX. Users do not need to input credentials when connecting.
Advantages: Public-key authentication is widely supported, even on older and non-mainstream SSH servers.
Disadvantages: Public keys must be manually provisioned to target users on target servers. Public keys never expire, so they need to be manually renewed.
User-provided password
Users are prompted for a password when connecting.
Advantages: No additional target-host configuration required.
Disadvantages: Users must provide the target-user password when connecting. Weak passwords may compromise security.
If a target supports multiple methods, the topmost supported method is used. User-provided password is enabled on all target hosts by default.
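The time-synchronization requirement of the certificate method comes from the certificate's validity window, which the target host checks against its own clock. The following is an added example, not PrivX code: it parses the Valid: line in the format printed by ssh-keygen -L and shows how a target with a skewed clock judges a short-lived certificate. The sample certificate text, its 5-minute lifetime and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format printed by `ssh-keygen -L -f <cert>`.
# The 5-minute lifetime is an assumption, not a documented PrivX default.
SAMPLE_CERT_INFO = """\
user-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Key ID: "constructed-example"
        Valid: from 2024-05-01T10:00:00 to 2024-05-01T10:05:00
        Principals:
                alice
"""

VALID_RE = re.compile(r"Valid: from (\S+) to (\S+)")


def parse_validity(cert_info):
    """Return (valid_after, valid_before) from ssh-keygen -L style text."""
    m = VALID_RE.search(cert_info)
    if m is None:
        raise ValueError("no bounded validity window found")
    return tuple(datetime.fromisoformat(t) for t in m.groups())


def verdict(cert_info, issuer_now, target_skew_seconds):
    """How a target whose clock is off by target_skew_seconds sees the cert."""
    valid_after, valid_before = parse_validity(cert_info)
    target_now = issuer_now + timedelta(seconds=target_skew_seconds)
    if target_now < valid_after:
        return "rejected: not yet valid"   # target clock is behind
    if target_now >= valid_before:
        return "rejected: expired"         # target clock is ahead
    return "accepted"


def tolerated_skew(cert_info, issuer_now):
    """Seconds the target clock may run (slow, fast) at issuer_now.
    The slow bound is inclusive; a target exactly `fast` ahead is rejected."""
    valid_after, valid_before = parse_validity(cert_info)
    return ((issuer_now - valid_after).total_seconds(),
            (valid_before - issuer_now).total_seconds())


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, 30)  # 30 s after issuance (constructed)
    for skew in (0, -60, 120, 300):
        print(f"target skew {skew:+5d}s -> {verdict(SAMPLE_CERT_INFO, now, skew)}")
    print("tolerated (slow, fast):", tolerated_skew(SAMPLE_CERT_INFO, now))
```

A target that rejects freshly issued certificates as not yet valid or expired points to clock drift on the target rather than a problem with the certificate itself.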
Also see Connection method vs feature matrix