On-Premises Installation

Install SSH-KLM directly on Linux servers for air-gapped environments or when a container runtime is not available.

  • Air-gapped or restricted environments
  • Compliance requirements prohibiting containers
  • Direct hardware access requirements
  • Legacy infrastructure integration
Requirement   Specification
OS            Ubuntu 20.04/22.04 LTS, RHEL 8/9
CPU           4+ cores
Memory        8+ GB RAM
Disk          50+ GB SSD
PostgreSQL    14+ (local or remote)
Redis         7+ (local or remote)

Ubuntu/Debian:

sudo apt update
sudo apt install -y curl gnupg2 ca-certificates

RHEL/CentOS:

sudo dnf install -y curl gnupg2 ca-certificates

# Add QCecuring GPG key
curl -fsSL https://packages.qcecuring.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/qcecuring.gpg

# Add repository (Ubuntu)
echo "deb [signed-by=/usr/share/keyrings/qcecuring.gpg] https://packages.qcecuring.com/apt stable main" | \
    sudo tee /etc/apt/sources.list.d/qcecuring.list

# Update package list
sudo apt update

sudo apt install -y ssh-klm

# Edit configuration
sudo nano /etc/ssh-klm/config.yaml

/etc/ssh-klm/config.yaml:

database:
  host: localhost
  port: 5432
  name: sshklm
  username: sshklm
  # Password from environment variable
redis:
  host: localhost
  port: 6379
server:
  port: 8081
  # 0.0.0.0 listens on all network interfaces
  host: 0.0.0.0

# Run migrations
sudo ssh-klm migrate up

# Create admin user
# Replace the placeholder password; command-line arguments are saved in shell history
sudo ssh-klm admin create \
    --email admin@yourcompany.com \
    --password your-secure-password

# Enable and start services
sudo systemctl enable ssh-klm-api ssh-klm-worker
sudo systemctl start ssh-klm-api ssh-klm-worker

# Check status
sudo systemctl status ssh-klm-api

# UFW (Ubuntu)
sudo ufw allow 8081/tcp

# firewalld (RHEL)
sudo firewall-cmd --permanent --add-port=8081/tcp
sudo firewall-cmd --reload

/etc/systemd/system/ssh-klm-api.service:

[Unit]
Description=SSH-KLM API Server
After=network.target postgresql.service redis.service

[Service]
Type=simple
User=sshklm
Group=sshklm
EnvironmentFile=/etc/ssh-klm/env
ExecStart=/usr/bin/ssh-klm-api serve
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

/etc/ssh-klm/env:

DATABASE_PASSWORD=your-secure-password
REDIS_PASSWORD=your-redis-password
JWT_SECRET=your-jwt-secret-minimum-32-characters
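
The env file above keeps the database, Redis and JWT secrets in plain text and is loaded by the service through EnvironmentFile. As an added example (not part of the SSH-KLM package or its documentation), this shell function audits such a file before the services are started: it flags group/other permission bits, unset keys, leftover "your-..." sample values and a JWT_SECRET shorter than 32 characters. The function name and the finding labels are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not shipped with SSH-KLM).
# Audits an env file such as /etc/ssh-klm/env and prints one line per finding.
# Returns the number of findings, so 0 means the file passed every check.
check_env_file() {
    local file="$1" findings=0 mode key value
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi
    # File mode in octal: GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) ;;  # no group or other permission bits, e.g. 600 or 400
        *)  echo "PERMS: mode $mode lets group or others access $file"
            findings=$((findings + 1)) ;;
    esac
    for key in DATABASE_PASSWORD REDIS_PASSWORD JWT_SECRET; do
        # Use the last assignment if a key appears more than once.
        value=$(grep -E "^${key}=" "$file" | tail -n 1 | cut -d= -f2-)
        # Drop one pair of surrounding double quotes, if present.
        value=${value#\"}
        value=${value%\"}
        if [ -z "$value" ]; then
            echo "UNSET: $key"
            findings=$((findings + 1))
            continue
        fi
        case "$value" in
            your-*) echo "PLACEHOLDER: $key still has the sample value"
                    findings=$((findings + 1)) ;;
        esac
        if [ "$key" = JWT_SECRET ] && [ "${#value}" -lt 32 ]; then
            echo "SHORT: JWT_SECRET has ${#value} characters, need 32 or more"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run as a script: ./check-env.sh /etc/ssh-klm/env
[ "$#" -eq 0 ] || check_env_file "$1"
```

Run against the sample file exactly as shown above with mode 644, it reports four findings: the permissions and the three placeholder values.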

Issue: ssh-klm-api.service fails to start

Solution:

# Check logs
sudo journalctl -u ssh-klm-api -f
# Verify config
sudo ssh-klm config validate

Issue: Cannot connect to PostgreSQL

Solution:

# Test connection
psql -h localhost -U sshklm -d sshklm
# Check pg_hba.conf for local connections
sudo nano /etc/postgresql/14/main/pg_hba.conf