So you have a question but can't see the answer? Please submit your question via this form.


Buying and trying

Where can I buy PrivX and how much is it going to cost?

PrivX is available for purchase at the SSH Webshop and the price will depend on the desired plan. You can check your billing information by logging in to the SSH Webshop with your account.

Can I have a free trial?

All PrivX subscriptions start with a free 30-day trial period; please head over to the SSH Webshop to start your trial.

Can I try PrivX online?

Absolutely, the SSH Webshop also has a PrivX test drive available.

Do you have any partners?

Partnerships with leading IAM, CIAM, and IDaaS vendors including Fujitsu, ForgeRock, and Ubisecure validate partner interest in the product and will help SSH reach a considerably wider audience with superior seamless customer experience.


Product features

Is there a datasheet available?

You can download the datasheet by signing up here.

Can I use my own client on my workstation, or do I need to use a browser to connect to hosts using PrivX?

Yes, you can use your own client. PrivX enables connecting to hosts via the browser by default, but if you purchase the SSH agent add-on feature, users can connect using native clients on Linux and Mac. Support for Windows native clients such as PuTTY is on its way.

Do you have to install agents on target hosts?

PrivX is a zero footprint solution, so there's no need to install any software on target hosts.

Does PrivX provide access to the target host or to individual applications on the target host?

PrivX provides access to the target host. Limiting user rights on the respective target host (e.g. with restricted shells) is your decision and responsibility.

Does PrivX support High-Availability and load balancing?

Most definitely, and there are several ways to accomplish this. Please take a look at our Standard HA and AWS HA examples.

Does PrivX work with Ansible or Chef?

PrivX works with both; please see the documentation about Ansible and Chef.

How is data secured?

Sensitive data is split and stored in encrypted format. In transit, all database connections, connections between microservices and UI connections are encrypted via TLS.


Session recording and playback

How much file space is needed for a session recording?

It depends greatly on the circumstances, namely your screen resolution and how much data is processed and moved. Full-screen video will take several gigabytes per hour, while light administrative use with little animation at a medium screen resolution takes approximately 100 megabytes per hour.

How are session recordings secured?

PrivX provides three-tiered security on session recordings:

  1. AES-128 encryption in GCM mode
  2. Each trail file is secured with a unique key
  3. Each trail within a trail file is in turn secured with a unique key

The master key is stored in the key vault, while the trail-specific keys are stored in the filesystem. Additionally, the trail file names are deliberately obfuscated, making it impossible to trace which file pertains to which session.
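The three tiers above are an envelope-encryption layout: a master key held outside the filesystem wraps a per-file key, which wraps a per-trail key, which seals the recording itself. The Go program below is an added example of that layout, not PrivX's own code; the `TrailFile` structure, the function names and the choice to rely on the AES-GCM authentication tag for tamper detection are assumptions made here. It also shows why a trail file copied to a host with a different master key, or modified on disk, cannot be played back (the questions on moving recordings between instances and on tampering further down).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Example envelope-encryption layout modelled on the three tiers in the FAQ:
// a master key (held in the key vault) wraps a per-file key, which wraps a
// per-trail key, which seals the recording with AES-128-GCM. Not PrivX's own
// code; the TrailFile layout and the function names are assumptions.

// NewKey returns a fresh random AES-128 key (16 bytes).
func NewKey() []byte {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-128-GCM and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; any change to ciphertext or tag fails authentication.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob truncated")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Trail is one recorded session; TrailFile is one file on the trails mount.
type Trail struct {
	WrappedKey []byte // trail key sealed under the file key
	Data       []byte // recording sealed under the trail key
}

type TrailFile struct {
	WrappedFileKey []byte // file key sealed under the master key
	Trails         []Trail
}

// WriteTrailFile seals each recording under its own key and wraps the keys.
func WriteTrailFile(masterKey []byte, recordings [][]byte) (*TrailFile, error) {
	fileKey := NewKey()
	wrappedFile, err := seal(masterKey, fileKey)
	if err != nil {
		return nil, err
	}
	tf := &TrailFile{WrappedFileKey: wrappedFile}
	for _, rec := range recordings {
		trailKey := NewKey()
		data, err := seal(trailKey, rec)
		if err != nil {
			return nil, err
		}
		wrapped, err := seal(fileKey, trailKey)
		if err != nil {
			return nil, err
		}
		tf.Trails = append(tf.Trails, Trail{WrappedKey: wrapped, Data: data})
	}
	return tf, nil
}

// ReadTrail plays back trail i. It fails if any tier was modified on disk
// or if masterKey belongs to a different PrivX instance.
func ReadTrail(masterKey []byte, tf *TrailFile, i int) ([]byte, error) {
	if i < 0 || i >= len(tf.Trails) {
		return nil, errors.New("no such trail")
	}
	fileKey, err := open(masterKey, tf.WrappedFileKey)
	if err != nil {
		return nil, err
	}
	trailKey, err := open(fileKey, tf.Trails[i].WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(trailKey, tf.Trails[i].Data)
}
```

Because each trail carries its own key, exposing one trail key reveals one session only, and because the file key is itself wrapped under the master key, a backup of the trails directory is useless without access to the key vault of the instance that wrote it.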

What is the format of the recordings?

The recordings are native SSH/Guacamole (RDP) protocol streams.

How long are the recordings stored?

They are stored indefinitely.

Can the recordings be played on any other application?

No. We will most likely add the capability to download the recordings as video files later through the PrivX UI for members of the privx-admin role.

Who can access the recordings from PrivX?

Only members of the privx-admin role can access the recordings.

Can anyone download the recordings from the stored location?

As a PrivX admin, you choose the directory/NFS mount where the trails should be stored by defining it in the PrivX configuration files. PrivX does not manage permissions nor monitor changes in that directory. You must make sure that the directory is sufficiently protected against unauthorized access.

Are the recordings backed up by PrivX?

No. The PrivX admin is responsible for configuring the directory/NFS mount where trails should be stored and ensuring that it is regularly backed up.

Can I move/playback recordings between PrivX instances?

No. Each PrivX instance has its own master key that is required for processing the encrypted trail files.

How do I share a specific recording to the audit team in my company?

Currently, the recordings can only be viewed in PrivX by members of the privx-admin role. We are considering adding functionality to manage permissions for PrivX roles in the future.

What happens if I open an SSH session in multiple browser tabs?

Each session is stored as a separate trail file. We are considering implementing a feature where we can merge the activities by timeline into a single trail file and introduce anomaly detection.

What happens to the ongoing recording when my access token expires?

Your session also expires, which ends the recording. A new session will result in a new trail file.

How do I know if a recording has been tampered with?

When attempting to play back a tampered recording, the UI will notify the PrivX admin of the fact. Such files can no longer be played back by PrivX. The recording sizes and checksums are stored in the database, in the file system and as audit events. Assuming audit events are propagated from the PrivX host to an external SIEM, the sizes and checksums can be compared against the stored values at a later date. PrivX also sends an audit event to syslog when an audit file has been opened.

What do I do if PrivX throws "Failed to audit" error?

This could be a sign that the designated NFS mount for storing trails is out of space, or that PrivX does not have sufficient permission to write to that location. Please check syslog to debug the situation.

What do I do if PrivX cannot play the recorded file for some reason? Is there a backdoor?

This could happen if the file has been deleted or has been tampered with. In either case, there is nothing one can do about it. There is no backdoor by design.


Auditing

How does PrivX create log data on user access to target hosts?

PrivX writes audit events to syslog using the LOG_DAEMON facility. By default, the audit events end up in the file /var/log/messages.

How do you see which user (identity) has accessed the host in host log data?

When using certificate-based authentication, the user identity is logged in the sshd logs on the target host. For example, when PrivX user 'superuser' logs in to a target host as 'ec2-user', /var/log/secure on the target host logs it as follows:

Sep 17 07:15:07 ip-172-31-49-149 sshd[21275]: Accepted publickey for ec2-user from 195.20.116.1 port 3403 ssh2: RSA-CERT ID superuser@127.0.0.1:43836 serial 1059239823051326577 (serial 1059239823051326577) CA RSA SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So

How do you see the user ID in the host log data when the user has accessed the target host via a role in PrivX?

Here is an example log entry:

Jun 13 12:41:32 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT[11992]: [event="File-upload" eventID="320" connectionID="d12598fc-915a-49c8-55b8-d301d42d082a" connectionType="ssh" hostAddress="10.11.0.46:22" hostUuid="a04b10f4-c9e9-49bd-76b2-5cfdcc2f63e0" path="/root/ssh_targets.png" sessionID="5fd2447a-ff4e-4384-7ec3-79b908fc5bed" size="0" targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]

Can PrivX monitor which files were transferred?

Yes, the audit logs include file transfer events, which carry the filename and the identity of the user who transferred the file.
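The two records quoted in this section (the sshd certificate login and the SSH-PRIVX-AUDIT file-upload event) are what a SIEM rule has to work with to answer "which PrivX identity did what on which host". The Go program below is an added example of parsing both into one flat event and listing the file transfers; it is not PrivX's own code. Its normalised field names, the assumption that the certificate ID begins with the PrivX user name (as in the quoted line) and the assumption that every event name starting with "File-" is a transfer are this example's own; the "File-download" sample line is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Example code (not PrivX's own) that parses the two record formats quoted in
// this FAQ into one flat event so a SIEM rule can answer "which PrivX identity
// did what on which host". The normalised field names are this example's choice.

// Event is one parsed log record.
type Event struct {
	Source string            // "sshd" or "privx-audit"
	Fields map[string]string // key/value pairs extracted from the line
}

var (
	// sshd certificate login: the PrivX identity is the certificate ID after "-CERT ID".
	sshdCertRe = regexp.MustCompile(`sshd\[\d+\]: Accepted publickey for (\S+) from (\S+) port \d+ ssh2: (\S+)-CERT ID (\S+) serial (\d+)`)
	// PrivX audit record: the bracketed part is a run of key="value" pairs.
	auditRe = regexp.MustCompile(`SSH-PRIVX-AUDIT\[\d+\]: \[(.*)\]`)
	kvRe    = regexp.MustCompile(`(\w+)="([^"]*)"`)
)

// ParseLine recognises either format; ok is false for any other line.
func ParseLine(line string) (ev Event, ok bool) {
	if m := sshdCertRe.FindStringSubmatch(line); m != nil {
		f := map[string]string{
			"targetUser": m[1],
			"clientAddr": m[2],
			"certType":   m[3],
			"certID":     m[4],
			"serial":     m[5],
		}
		// In the FAQ's example the certificate ID begins with the PrivX user name (assumption).
		f["privxUser"] = strings.SplitN(m[4], "@", 2)[0]
		return Event{Source: "sshd", Fields: f}, true
	}
	if m := auditRe.FindStringSubmatch(line); m != nil {
		f := map[string]string{}
		for _, kv := range kvRe.FindAllStringSubmatch(m[1], -1) {
			f[kv[1]] = kv[2]
		}
		return Event{Source: "privx-audit", Fields: f}, true
	}
	return Event{}, false
}

// FileTransfers summarises every file-transfer audit event in lines. Treating
// every event name that starts with "File-" as a transfer is an assumption.
func FileTransfers(lines []string) []string {
	var out []string
	for _, l := range lines {
		ev, ok := ParseLine(l)
		if !ok || ev.Source != "privx-audit" || !strings.HasPrefix(ev.Fields["event"], "File-") {
			continue
		}
		out = append(out, fmt.Sprintf("%s %s %s as %s@%s (session %s)",
			ev.Fields["userID"], ev.Fields["event"], ev.Fields["path"],
			ev.Fields["targetUsername"], ev.Fields["hostAddress"], ev.Fields["sessionID"]))
	}
	return out
}

// SampleLines holds the two records quoted in this FAQ plus two constructed
// lines: a download event (the "File-download" name is assumed) and an
// unrelated sshd line that the parser must ignore.
var SampleLines = []string{
	`Sep 17 07:15:07 ip-172-31-49-149 sshd[21275]: Accepted publickey for ec2-user from 195.20.116.1 port 3403 ssh2: RSA-CERT ID superuser@127.0.0.1:43836 serial 1059239823051326577 (serial 1059239823051326577) CA RSA SHA256:OmlS4VhEqBoGpm9AzgSYrvOaGSJyfot3Zf2ANMoY9So`,
	`Jun 13 12:41:32 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT[11992]: [event="File-upload" eventID="320" connectionID="d12598fc-915a-49c8-55b8-d301d42d082a" connectionType="ssh" hostAddress="10.11.0.46:22" hostUuid="a04b10f4-c9e9-49bd-76b2-5cfdcc2f63e0" path="/root/ssh_targets.png" sessionID="5fd2447a-ff4e-4384-7ec3-79b908fc5bed" size="0" targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]`,
	`Jun 13 12:45:10 privx-bug-squash-host.novalocal SSH-PRIVX-AUDIT[11992]: [event="File-download" eventID="321" connectionType="ssh" hostAddress="10.11.0.46:22" path="/root/notes.txt" sessionID="5fd2447a-ff4e-4384-7ec3-79b908fc5bed" size="1234" targetUsername="root" userID="1da90209-2072-44f6-a65d-0ba9880836c1"]`,
	`Jun 13 12:46:00 privx-bug-squash-host.novalocal sshd[1]: Received disconnect from 10.11.0.46`,
}

func main() {
	for _, s := range FileTransfers(SampleLines) {
		fmt.Println(s)
	}
}
```

The sshd record identifies the PrivX user by certificate ID while the audit record carries the PrivX userID (a UUID) and the sessionID; joining the two in a SIEM, by host address and time window, gives a per-session view that neither log provides alone.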