Skip to main content

Zero Trust Host Limitations

The source hosts limitations are as follows:

  • Operating system: Red Hat or Rocky Linux 7.x, 8.x, and 9.x versions, Amazon Linux 2

  • Required SSH version: OpenSSH 6.9 or later, Tectia 6.6.0 or later

    For OpenSSH source hosts you also need nc, which can be installed using:

    # yum install -y nc
    note

    Default ncat version for RHEL 9.X and Rocky Linux 9.X is nmap-ncat-7.91, which does not work properly with Zero Trust. If this is your ncat version, you should remove it and install a newer version.

The destination hosts limitations are as follows:

  • Operating system: CentOS, Fedora, Debian, Red Hat, Ubuntu, Amazon Linux 2

  • Required Python version: 2.7.9+ or 3.6.5+

  • Required OpenSSH version: 6.9 or later

  • Network requirements: Connectivity to PrivX

note

PrivX version 27 does not work properly with the default cryptographic policies of RHEL 9 - this is fixed in PrivX 28. If you wish to use PrivX 27 for Zero Trust on RHEL 9, you need to set the cryptographic policies to legacy mode with the following command:

# update-crypto-policies --set LEGACY