Privileged Session Manager for SSH


CyberArk may choose not to provide maintenance and support services forPSM for SSH  with relation to any end-user client machine or target platforms which have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more details, contact your CyberArk support representative.

PSM for SSH  is a CyberArk component that enables you to secure, control and monitor privileged access to Linux and Unix systems, network devices and any other SSH-based devices. PSM for SSH requires a dedicated machine which is accessible to the network.

Supported Operating Systems

PSM for SSH can be installed on the following operating systems:

  • Red Hat Enterprise Linux 6.x versions (6.4 and above) and 7.x versions.
  • CentOS Linux 6.x versions (6.4 and above) and 7.x versions.

    Security patches, and OS vendor recommended minor 6.x or 7.x RHEL and CentOS upgrades can be applied on the server without reinstalling PSM for SSH.

  • SUSE Linux Enterprise Server 11 SP4, 12, 12 SP1, 12 SP2
  • PSM for SSH can be installed on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platforms

Minimum server requirements

PSM for SSH supported protocols

Unix, Linux and Network devices using the following protocols:
SSH (including SSH-Tunneling)

Supported SSH clients on the end-user machine

PSM for SSH allows access from any SSH client that can connect to an OpenSSH 7.7 server.

OpenSSH 7.7 requires that Open SSL V1.01 or above be installed.

Supported connections

PSM for SSH supports connections to remote machines using IPv4 and IPv6 addresses.

Storage requirement on the Digital Vault server

PSM for SSH stores the session recordings on the Digital Vault server. The estimated storage requirement is approximately 1-5 KB for each minute of a recording session. The recording size is affected by the number of activities that are performed during the session.

For example, 5 GB of storage will be sufficient for recording 10 hours of activities per day retained for 5 years.

CyberArk component compatibility

AD Bridge capabilities