Quick PrivX Setup
This article describes setting up PrivX for quick evaluation purposes. If you are setting up PrivX for production, refer to Deployment Overview instead.
To set up a PrivX server for evaluation purposes:
-
Add the EPEL and PrivX repositories for downloading PrivX packages and dependencies:
-
On Red Hat/Rocky Linux 9:
yum update
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
yum install postgresql-server # or postgresql if using an external DB
rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc
curl https://product-repository.ssh.com/rhel9/ssh-products.repo -o /etc/yum.repos.d/ssh-products.repo -
On Red Hat/Rocky Linux 8:
yum update
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install epel-release
dnf module enable postgresql:13
yum install postgresql-server # or postgresql if using external DB
rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc
curl https://product-repository.ssh.com/rhel8/ssh-products.repo -o /etc/yum.repos.d/ssh-products.repo -
On Amazon Linux 2023:
dnf update
dnf install postgresql15-server # or postgresql15 if using external DB
dnf install libxcrypt-compat
rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc
curl https://product-repository.ssh.com/rhel8/ssh-products.repo -o /etc/yum.repos.d/ssh-products.repo -
On Amazon Linux 2:
yum update
amazon-linux-extras install -y nginx1
amazon-linux-extras enable postgresql14
yum install postgresql-server
rpm --import https://product-repository.ssh.com/info.fi-ssh.com-pubkey.asc
curl https://product-repository.ssh.com/ssh-products.repo -o /etc/yum.repos.d/ssh-products.repocautionNote: When configuring PrivX with an external database, ensure that the
psql
client installed on the same machine as PrivX matches the version of the Postgresql server.
-
-
Install the latest PrivX packages with:
yum install PrivX
-
Configure PrivX with:
/opt/privx/scripts/postinstall.sh
The following lists the required information, along with some recommended values for evaluation setups:
- PKCS #11-keyvault settings:
N
- Number of trusted load balancers in front of PrivX node:
0
- NTP server address:
pool.ntp.org
- FQDN and IP address(es) of the server. You can obtain these by opening another terminal and running
hostname --fqdn
andip addr
respectively. - Local or external database:
L
- Database name and credentials. You can go with the defaults.
- Credentials for the initial superuser account.
Once the postinstall finishes, the PrivX server is operational.
- PKCS #11-keyvault settings:
-
License your PrivX server to enable its features:
Open a browser and navigate to the FQDN or IP address of your PrivX server. Log in with the superuser credentials provided earlier.
In the PrivX GUI, go to Administration→License and enter your license code.
You have now set up a PrivX server for evaluation purposes.