So you have a question but can't see the answer? Please submit your question via this form.
Where can I buy PrivX and how much is it going to cost?
PrivX is available for purchase at the SSH Webshop and the price will depend on the desired plan. You can check your billing information by logging in to the SSH Webshop with your account.
Can I have a free trial?
There is a free version of PrivX, limited in features, maximum number of hosts and concurrent connections. If you would like to run a trial or proof of concept with the full feature set and no limitations, please contact us.
Can I try PrivX online?
Absolutely, the SSH Webshop also has a PrivX test drive available.
Do you have any partners?
Partnerships with leading IAM, CIAM, and IDaaS vendors including Fujitsu, ForgeRock, Ubisecure, and Nordcloud validate partner interest in the product and will help SSH reach a considerably wider audience with superior seamless customer experience.
Is there a datasheet available?
You can download the datasheet by signing up here.
Can I use my own client on my workstation, or do I need to use a browser to connect to hosts using PrivX?
Yes, you can use your own client. PrivX will enable connecting to hosts via browser or native clients on Linux, Mac & Windows.
Do you have to install agents on target hosts?
PrivX is a zero footprint solution, so there's no need to install any software on target hosts.
Does PrivX provide access to the target host or to individual applications on the target host?
On RDP connections you can restrict which applications each user is able to access on the target Windows host; please see the documentation. On SSH connections, access is provided to the target host itself, and limiting user rights on that host (for example with restricted shells) is your decision and responsibility.
Does PrivX support High-Availability and load balancing?
Does PrivX work with Ansible or Chef?
How is data secured?
Sensitive data is split and stored in encrypted format. In transit, all database connections, intra micro-service connections and UI connections are encrypted via TLS.
How much file space is needed for a session recording?
Generally, SSH trails take a few megabytes per hour. For RDP trails it depends greatly on the circumstances, e.g. your screen resolution and how much data is processed and moved. Full-screen video will take several gigabytes per hour, while light administrative use with little animation at medium screen resolution takes approximately 100 megabytes per hour.
How are session recordings secured?
PrivX provides three-tiered security on session recordings:
- AES-128 encryption in GCM mode
- Each trail file is secured with a unique key
- Each trail within a trail file is in turn secured with its own unique key
The master key is stored in the key vault, while the trail-specific keys are stored in the file system. Additionally, the trail file names are deliberately obfuscated, making it impossible to trace which file pertains to which session.
What is the format of the recordings?
The recordings are native SSH/Guacamole (RDP) protocol streams.
Can the recordings be played on any other application?
No. We will most likely add the capability to download the recordings as video files through the PrivX UI later.
Who can access the recordings from PrivX?
Access to recordings can be granted via a special role. Furthermore, all members of the privx-admin role have access to recordings by default.
Can anyone download the recordings from the stored location?
As a PrivX admin, you choose the directory/NFS mount where the trails should be stored by defining it in the PrivX configuration files. PrivX neither manages permissions on that directory nor monitors changes in it. You must make sure that the directory is sufficiently protected against unauthorized access.
Are the recordings backed up by PrivX?
No. The PrivX admin is responsible for configuring the directory/NFS mount where trails should be stored and for ensuring that it is regularly backed up.
Can I move/playback recordings between PrivX instances?
No. Each PrivX instance has its own master key that is required for processing the encrypted trail files.
How do I share a specific recording to the audit team in my company?
Make sure everyone in the audit team has the role granting access to the recordings.
What happens if I open an SSH session in multiple browser tabs?
Each session is stored as a separate trail file. We are considering implementing a feature where we can merge the activities by timeline into a single trail file and introduce anomaly detection.
What happens to the ongoing recording when my access token expires?
Your session also expires, which ends the recording. A new session will result in a new trail file.
How do I know if a recording has been tampered with?
There is a mechanism to check for file tampering. Its schedule is user-configurable; by default it runs once per day. When playback of a tampered recording is attempted, the UI notifies the PrivX admin, and such files can no longer be played back by PrivX. The recording sizes and checksums are stored in the database, in the file system and as audit events. Assuming audit events are propagated from the PrivX host to an external SIEM, the sizes and checksums can be compared against the stored values at a later date. PrivX also sends an audit event to syslog when an audit file has been opened.
What do I do if PrivX throws "Failed to audit" error?
This could be a sign that the designated NFS mount for storing trails is out of space, or that PrivX does not have sufficient permission to write to that location. Check the syslog to diagnose the situation.
What do I do if PrivX cannot play the recorded file for some reason? Is there a backdoor?
This could happen if the file has been deleted or has been tampered with. In either case, there is nothing one can do about it. There is no backdoor by design.
How does PrivX create log data on user access to target hosts?
Versions up to PrivX 7 use the syslog facility LOG_DAEMON to write audit events; by default, the audit events end up in the file /var/log/messages. From PrivX 8 onwards, CEF output uses LOCAL6 instead of LOG_DAEMON.
How do you see which user (identity) has accessed the host in host log data?
When using certificate-based authentication, the user identity is logged in the sshd logs on the target host. For example, when PrivX user 'superuser' logs in to the target host as 'ec2-user', /var/log/secure on the target host logs it as follows:
Sep 17 07:15:07 ip-172-31-49-149 sshd: Accepted publickey for ec2-user from 220.127.116.11 port 3403 ssh2: RSA-CERT ID email@example.com:43836 serial 1059239823051326577 (serial 1059239823051326577) CA RSA SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So
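As an added example (not PrivX code or documentation), a small Python parser for the sshd certificate-login line above, plus a SIEM-side check that compares the logged CA fingerprint against the set of PrivX CA fingerprints you trust, so that certificate logins signed by an unexpected CA stand out. The function names and the trusted-fingerprint set are assumptions; the sample line is constructed from the FAQ's anonymised entry.

```python
import re
from typing import Dict, Optional, Set

# Constructed sample, modelled on the /var/log/secure entry quoted in the FAQ
# (the IP, certificate ID and fingerprint are the FAQ's anonymised values).
SAMPLE_LINE = (
    "Sep 17 07:15:07 ip-172-31-49-149 sshd: Accepted publickey for ec2-user "
    "from 220.127.116.11 port 3403 ssh2: RSA-CERT ID email@example.com:43836 "
    "serial 1059239823051326577 (serial 1059239823051326577) "
    "CA RSA SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So"
)

# Matches the certificate-login form of sshd's "Accepted publickey" message.
# The PID suffix (sshd[1234]) is optional because the FAQ's sample omits it.
CERT_LOGIN_RE = re.compile(
    r"sshd(?:\[\d+\])?: Accepted publickey for (?P<target_user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2: "
    r"(?P<key_type>\S+)-CERT ID (?P<cert_id>\S+) serial (?P<serial>\d+) "
    r".*?CA (?P<ca_type>\S+) (?P<ca_fp>SHA256:\S+)"
)


def parse_cert_login(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a certificate-based login, or None for any other
    line (password logins, plain public-key logins, failures)."""
    m = CERT_LOGIN_RE.search(line)
    return m.groupdict() if m else None


def audit_cert_login(line: str, trusted_ca_fps: Set[str]) -> Optional[Dict[str, object]]:
    """Hypothetical SIEM-side check: map the login to the identity PrivX placed
    in the certificate ID and flag it if the signing CA is not a PrivX CA."""
    fields = parse_cert_login(line)
    if fields is None:
        return None
    return {
        "privx_identity": fields["cert_id"],
        "target_account": fields["target_user"],
        "source": f"{fields['src_ip']}:{fields['src_port']}",
        "cert_serial": fields["serial"],
        "ca_fingerprint": fields["ca_fp"],
        "trusted": fields["ca_fp"] in trusted_ca_fps,
    }


if __name__ == "__main__":
    # The trusted set is an assumption; use your own PrivX CA fingerprints.
    print(audit_cert_login(SAMPLE_LINE, {"SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So"}))
```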
How do you see user ID on the host log data when the user has accessed target host via a role in PrivX?
Here is an example log entry:
Jun 13 12:41:32 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT: [event="File-upload" eventID="320" connectionID="d12598fc-915a-49c8-55b8-d301d42d082a" connectionType="ssh" hostAddress="10.11.0.46:22" hostUuid="a04b10f4-c9e9-49bd-76b2-5cfdcc2f63e0" path="/root/ssh_targets.png" sessionID="5fd2447a-ff4e-4384-7ec3-79b908fc5bed" size="0" targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]
Can PrivX monitor which files were transferred?
Yes, the audit logs include file transfer events, which record the filename and who transferred the file. With auditing enabled, you may also download the transferred files.
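An added example, not part of the PrivX documentation: a Python parser for the SSH-PRIVX-AUDIT key="value" format shown in the example log entry above, with a filter that pulls out the file transfer events this answer refers to. It assumes transfer event names begin with "File-" (only File-upload appears on this page); the first sample line is the page's own entry and the second is constructed with a hypothetical event name.

```python
import re
from typing import Dict, List, Optional

# Syslog prefix plus the bracketed key="value" body used by SSH-PRIVX-AUDIT events.
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) SSH-PRIVX-AUDIT: \[(?P<body>.*)\]$"
)
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: the first line is the FAQ's own example; the second is a
# made-up non-transfer event (hypothetical event name) to exercise the filter.
SAMPLE_LINES = [
    'Jun 13 12:41:32 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT: '
    '[event="File-upload" eventID="320" connectionID="d12598fc-915a-49c8-55b8-d301d42d082a" '
    'connectionType="ssh" hostAddress="10.11.0.46:22" hostUuid="a04b10f4-c9e9-49bd-76b2-5cfdcc2f63e0" '
    'path="/root/ssh_targets.png" sessionID="5fd2447a-ff4e-4384-7ec3-79b908fc5bed" size="0" '
    'targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]',
    'Jun 13 12:40:01 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT: '
    '[event="Constructed-other-event" eventID="999" connectionType="ssh" '
    'hostAddress="10.11.0.46:22" targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]',
]

TRANSFER_FIELDS = ("timestamp", "event", "userID", "targetUsername",
                   "hostAddress", "path", "size", "sessionID")


def parse_privx_audit_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one syslog line into a flat dict, or return None if it is not
    an SSH-PRIVX-AUDIT event."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    fields = {"timestamp": m.group("ts"), "syslog_host": m.group("host")}
    fields.update(PAIR_RE.findall(m.group("body")))  # list of (key, value) pairs
    return fields


def file_transfer_events(lines: List[str]) -> List[Dict[str, str]]:
    """Keep only file transfer events (assumption: names start with "File-")
    and project the fields an auditor needs: who (userID), as which account,
    on which host, which path and how many bytes."""
    out = []
    for line in lines:
        ev = parse_privx_audit_line(line)
        if ev and ev.get("event", "").startswith("File-"):
            out.append({k: ev.get(k, "") for k in TRANSFER_FIELDS})
    return out


if __name__ == "__main__":
    for ev in file_transfer_events(SAMPLE_LINES):
        print(ev)
```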