Skip to content
QCecuring Documentation

Agent Installation

Agent Installation

Section titled “Agent Installation”

Install the SSH-KLM agent on target hosts for deep discovery and automated key rotation.

Overview

Section titled “Overview”

The SSH-KLM agent is a lightweight daemon that runs on target hosts, providing:

  • Real-time key discovery
  • Automated key rotation
  • Ephemeral key management
  • Secure communication with SSH-KLM server

Installation Methods

Section titled “Installation Methods”
Section titled “Script Installation (Recommended)”
Terminal window
# Download and run installer
curl -fsSL https://get.qcecuring.com/ssh-agent | sudo bash -s -- \
  --server https://ssh-klm.example.com \
  --token YOUR_REGISTRATION_TOKEN

Package Manager

Section titled “Package Manager”

Ubuntu/Debian:

Terminal window
curl -fsSL https://packages.qcecuring.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/qcecuring.gpg
echo "deb [signed-by=/usr/share/keyrings/qcecuring.gpg] https://packages.qcecuring.com/apt stable main" | sudo tee /etc/apt/sources.list.d/qcecuring.list
sudo apt update
sudo apt install ssh-klm-agent

RHEL/CentOS:

Terminal window
sudo dnf config-manager --add-repo https://packages.qcecuring.com/rpm/qcecuring.repo
sudo dnf install ssh-klm-agent

Docker

Section titled “Docker”
Terminal window
docker run -d \
  --name ssh-klm-agent \
  --restart unless-stopped \
  -v /etc/ssh:/etc/ssh:ro \
  -v /home:/home:ro \
  -e SSHKLM_SERVER=https://ssh-klm.example.com \
  -e SSHKLM_TOKEN=YOUR_TOKEN \
  qcecuring/ssh-klm-agent:latest

Configuration

Section titled “Configuration”

Edit /etc/ssh-klm-agent/config.yaml:

server:
  url: https://ssh-klm.example.com
  token: ${SSHKLM_TOKEN}  # From environment


agent:
  hostname: ${HOSTNAME}
  labels:
    environment: production
    team: platform


discovery:
  enabled: true
  paths:
    - /home/*/.ssh
    - /root/.ssh
    - /etc/ssh
  interval: 1h


rotation:
  enabled: true
  backupKeys: true

Verify Installation

Section titled “Verify Installation”
Terminal window
# Check agent status
sudo systemctl status ssh-klm-agent


# View agent logs
sudo journalctl -u ssh-klm-agent -f


# Test connectivity
sudo ssh-klm-agent status

Troubleshooting

Section titled “Troubleshooting”

Agent Not Connecting

Section titled “Agent Not Connecting”
Terminal window
# Check connectivity
curl -v https://ssh-klm.example.com/health


# Verify token
sudo ssh-klm-agent verify-token

Permission Denied

Section titled “Permission Denied”
Terminal window
# Agent needs read access to SSH directories
sudo usermod -aG ssh-klm-agent $(whoami)
Section titled “Related Pages”