SSH.COM PrivX

Your First SSH Connection

This article describes how to give PrivX users access to hosts. The high-level steps involve:

  • Adding users to PrivX.
  • Providing permissions to users by assigning them to roles.
  • Adding hosts to PrivX.

Prerequisites

You need a licensed PrivX deployment. To quickly set up PrivX, see Quick Server Setup.

You will also need a host for PrivX users to connect to. This target host must satisfy the following:

  • The PrivX server must be able to establish SSH connections to the target host.

  • The target host has a root account that can be connected to via SSH.

Adding Local Users

Create users in PrivX, which allows people to log into hosts via PrivX:

  1. Navigate to the address of the PrivX server and log in as superuser.
    [Screenshot: PrivX login page]

  2. In the PrivX GUI, navigate to the Administration→Users page and click Add User.
    [Screenshot: Administration→Users page with Add User button highlighted]
    You will be presented with the New User view.

  3. In the New User view, provide the required information about the user. Click Save to save the user.
    [Screenshot: New User page with basic user fields filled in, including: username, password & verify password, full name, and email]

    You should now be able to see your new local user back on the Administration→Users page.
    [Screenshot: Users page displaying the newly created]

PrivX provides access in a role-based manner. To create a role and assign members:

  1. In the PrivX GUI, navigate to the Administration→Roles page, and click Add Role.

    You will be presented with a form for providing information about the new role.

    [Screenshot: Add Role view with one rule where directory is set to Local users and Search string is set to (principal=alice)]

  2. Provide a name for the new role. Also add users to the role by defining rules. To define a new rule for the role, click Add Rule. In this example, we add a rule to include the local user(s) who have the principal alice into the role:

    [Screenshot: Add Role view with Matching users showing one match]

    Note: The number of role members is indicated by Matching users. The count is updated when you unfocus from the Search String field (such as by pressing Enter, or by clicking somewhere else in the GUI).

    Leave the other role settings as they are.

  3. Click Save to finalize role creation. Your new role should be visible back on the Administration→Roles page.

    [Screenshot: Dropdown menu next to the role. The List Members choice is highlighted in the dropdown menu]
    [Screenshot: Role members view listing alice as a member]

Adding Hosts Manually

Make hosts accessible via PrivX:

On the Administration→Hosts page, click Add Host. Provide at least:

  • The Name and the network Addresses of the host. This data helps users identify the target host.

  • The Services (SSH and/or RDP servers) available on the host. In this example we add the SSH server by providing its FQDN address and port number.

  • The Accounts to which roles are mapped on the target host. Leave the Password empty to require password authentication upon connecting. In this example we allow the previously-created example role to access the host as target user root.

    Note: If you are adding an RDP host which uses domain accounts, you must use the [email protected] syntax. For example, for domain account Domain\Administrator, the correct syntax is [email protected].

  • Enable SSH - Trust on first use to allow users to accept the SSH host key upon login.
    [Screenshot: Add hosts view with basic host information filled in, including host name, comma-separated addresses. Also defines one SSH service with Trust on first use enabled. Finally, including one Explicit account mapping Example Role to root]

    Click Save to save the host.

    You may verify that the host is listed back on the Administration→Hosts page.

Connecting via the GUI

After you have set up roles to access hosts, you may test connections as follows:

  1. Log into the PrivX GUI as the test user we created previously.

  2. Navigate to the Connections→Available Hosts page. The hosts you can connect to are listed under Available hosts.

    Expand a connection entry to display its available services. In this example, we click the SSH-server service to connect to our test host.

  3. Accept the SSH host key if prompted. Authenticate to the host by providing the password of the target account (not the PrivX account password). You should now be successfully connected to the host.
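
With trust on first use enabled, the host-key prompt in step 3 is where the key gets pinned, so it should be accepted only if its fingerprint matches one read from the target host out of band. The following is an added example, not part of the PrivX documentation or product code: it computes the OpenSSH-style SHA256 fingerprint of a public key line and compares it with the value shown at the prompt. It assumes the prompt displays the fingerprint in that format; the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey_line(line: str) -> tuple:
    """Split an OpenSSH public key line: '<type> <base64-blob> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type (RFC 4253
    # string encoding); a mismatch means the line was edited or corrupted.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    return key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def prompt_matches_host(pubkey_line: str, shown_fingerprint: str) -> bool:
    """True only if the fingerprint shown at the prompt belongs to this key."""
    _, blob = parse_pubkey_line(pubkey_line)
    expected = sha256_fingerprint(blob).encode()
    return hmac.compare_digest(expected, shown_fingerprint.strip().encode())


def make_sample_ed25519_line(raw_key: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line for the demo below."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample keys (not real host keys): the target host and another host.
HOST_LINE = make_sample_ed25519_line(bytes(range(32)), "root@target.example")
OTHER_LINE = make_sample_ed25519_line(bytes(range(1, 33)), "root@other.example")

if __name__ == "__main__":
    shown = sha256_fingerprint(parse_pubkey_line(HOST_LINE)[1])
    print(shown, prompt_matches_host(HOST_LINE, shown))   # key matches prompt
    print(prompt_matches_host(OTHER_LINE, shown))         # different key
```

On an OpenSSH target host the public key lines are in /etc/ssh/ssh_host_*_key.pub; read them from the host's console rather than over the connection being verified.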

You may increase the security of future connections by enabling certificate authentication. For more information about certificate-authentication setup, see Certificate Authentication for OpenSSH Connections.

Updated 2 months ago

