Agent Installation
Agent Installation
Section titled “Agent Installation”Install the SSH-KLM agent on target hosts for full key management capabilities.
Installation Methods
Section titled “Installation Methods”Quick Install (Recommended)
Section titled “Quick Install (Recommended)”curl -fsSL https://get.qcecuring.com/ssh-agent | sudo bash -s -- \ --server https://ssh-klm.example.com \ --token YOUR_REGISTRATION_TOKENPackage Manager
Section titled “Package Manager”Ubuntu/Debian:
# Add repositorycurl -fsSL https://packages.qcecuring.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/qcecuring.gpgecho "deb [signed-by=/usr/share/keyrings/qcecuring.gpg] https://packages.qcecuring.com/apt stable main" | \ sudo tee /etc/apt/sources.list.d/qcecuring.list
# Installsudo apt updatesudo apt install ssh-klm-agent
# Configuresudo ssh-klm-agent configure \ --server https://ssh-klm.example.com \ --token YOUR_TOKENRHEL/CentOS:
# Add repositorysudo dnf config-manager --add-repo https://packages.qcecuring.com/rpm/qcecuring.repo
# Installsudo dnf install ssh-klm-agent
# Configuresudo ssh-klm-agent configure \ --server https://ssh-klm.example.com \ --token YOUR_TOKENDocker
Section titled “Docker”docker run -d \ --name ssh-klm-agent \ --restart unless-stopped \ -v /etc/ssh:/etc/ssh:rw \ -v /home:/home:rw \ -v /root:/root:rw \ -e SSHKLM_SERVER=https://ssh-klm.example.com \ -e SSHKLM_TOKEN=YOUR_TOKEN \ qcecuring/ssh-klm-agent:latestAnsible
Section titled “Ansible”- name: Install SSH-KLM Agent hosts: all roles: - role: qcecuring.ssh_klm_agent vars: sshklm_server: https://ssh-klm.example.com sshklm_token: "{{ vault_sshklm_token }}"Verification
Section titled “Verification”# Check service statussudo systemctl status ssh-klm-agent
# Verify connectivitysudo ssh-klm-agent status
# View logssudo journalctl -u ssh-klm-agent -fRegistration Token
Section titled “Registration Token”Generate a token in the UI:
- Go to Settings → Agents
- Click Generate Registration Token
- Set expiry and host limit
- Copy token for installation
Firewall Requirements
Section titled “Firewall Requirements”| Direction | Port | Protocol | Purpose |
|---|---|---|---|
| Outbound | 443 | HTTPS | API communication |
| Outbound | 8443 | gRPC | Agent streaming |