SSH Tectia

Management Agent on Unix

The Unix version of the Management Agent consists of the Master, Router and Sysmonitor processes.

The components are installed as one RPM or other native package. The agent also needs an ICB (Initial Configuration Block) file at installation time in order to connect to the management system.

The processes are described in more detail below:

  • Master (ssh-mgmt-agent)

    • starts other processes and restarts them if they crash

    • logs all restarts and controls the restart rate

    • kills other processes if it is itself killed

    • passes command-line options to other processes

  • Router (ssh-mgmt-router)

    • connects to Management Agent (based on the ICB file), handles all restarts related to the management connection

    • handles encryption and authentication of packets (host-to-host protection [3DES+SHA1] and link protection [TLS])

  • Sysmonitor (ssh-mgmt-sysmonitor)

    • passes system information to the Management Agent (OS, OS version, etc.)

    • performs the Management Agent software updates and uninstallations

    • performs updates and uninstallations for the managed SSH Tectia software

    • searches for installed Secure Shell (client) binaries (ssh, ssh1, ssh2) in /usr/local/bin, /usr/bin, /bin, /usr/pkg/bin, /usr/opt/bin, /opt/bin and /opt/ssh2/bin (on HP-UX), determines the vendor, version number, SSH product package (workstation vs. server) and license code of each, and reports them to the Management Agent

    • adds /var/run/sshmgmt-temp-log (on HP-UX, /var/opt/ssh-mgmt/sshmgmt-temp-log) as a log destination in /etc/syslogd.conf, reads log messages from that file, and rotates it daily or whenever it exceeds one megabyte; this is how Secure Shell related log messages are extracted and sent to the Management Agent

    • sends host public-key information to the Management Agent, and allows the Management Agent to manipulate (add, update, delete, query) the known hosts (public key) database

    • allows the Management Agent to update system-wide Secure Shell configuration file(s), restarts Secure Shell servers, and reverts to the old configuration if Secure Shell servers do not start
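The binary discovery step described for the Sysmonitor above can be reproduced as a stand-alone inventory check. The following is an added example, not code from SSH Tectia: it walks the directories the page lists, runs each ssh/ssh1/ssh2 binary it finds with `-V`, and classifies the banner. The vendor and version heuristics (`parse_version_banner`) and the `demo_inventory` fixture with its constructed fake binary are assumptions made for illustration; only the OpenSSH banner format is parsed precisely.

```python
"""Added example (not SSH Tectia's own code): inventory Secure Shell client
binaries the way the Sysmonitor description above outlines."""
import os
import re
import subprocess
import tempfile
from typing import Dict, List, Optional

# Directories listed on the page; /opt/ssh2/bin is the HP-UX location.
SEARCH_DIRS = ["/usr/local/bin", "/usr/bin", "/bin", "/usr/pkg/bin",
               "/usr/opt/bin", "/opt/bin", "/opt/ssh2/bin"]
BINARY_NAMES = ["ssh", "ssh1", "ssh2"]


def find_ssh_binaries(search_dirs=SEARCH_DIRS, names=BINARY_NAMES) -> List[str]:
    """Return executable files named ssh/ssh1/ssh2 found in search_dirs."""
    found = []
    for directory in search_dirs:
        for name in names:
            path = os.path.join(directory, name)
            if os.path.isfile(path) and os.access(path, os.X_OK):
                found.append(path)
    return found


def parse_version_banner(banner: str) -> Dict[str, Optional[str]]:
    """Classify a '-V' banner (heuristics are assumptions for this example).
    OpenSSH prints 'OpenSSH_<version> ...'; a banner containing 'Tectia' is
    attributed to SSH Tectia and its first dotted number taken as the version."""
    banner = banner.strip()
    match = re.match(r"OpenSSH_([\w.]+)", banner)
    if match:
        return {"vendor": "OpenSSH", "version": match.group(1)}
    if "Tectia" in banner:
        match = re.search(r"(\d+(?:\.\d+)+)", banner)
        return {"vendor": "SSH Tectia", "version": match.group(1) if match else None}
    return {"vendor": "unknown", "version": None}


def ssh_version(path: str) -> Dict[str, Optional[str]]:
    """Run `<path> -V`; OpenSSH writes its banner to stderr, so merge both streams."""
    try:
        proc = subprocess.run([path, "-V"], capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return {"path": path, "vendor": "unknown", "version": None, "error": str(exc)}
    info = parse_version_banner(proc.stdout + proc.stderr)
    info["path"] = path
    return info


def inventory(search_dirs=SEARCH_DIRS, names=BINARY_NAMES) -> List[Dict[str, Optional[str]]]:
    """Inventory every discovered binary with its vendor and version."""
    return [ssh_version(path) for path in find_ssh_binaries(search_dirs, names)]


def demo_inventory() -> List[Dict[str, Optional[str]]]:
    """Offline demonstration: a constructed fake `ssh` script in a temporary
    directory that prints an OpenSSH-style banner on stderr."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = os.path.join(tmp, "ssh")
        with open(fake, "w") as handle:
            handle.write("#!/bin/sh\n"
                         "echo 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022' >&2\n")
        os.chmod(fake, 0o755)
        return inventory([tmp])


if __name__ == "__main__":
    # Live scan of this host, followed by the constructed demonstration.
    for entry in inventory():
        print(entry)
    print(demo_inventory())
```

Running the module scans the real directories first; `demo_inventory()` exists so the logic can be exercised on a machine with no Secure Shell client installed. A useful follow-up on a managed host is to compare the reported paths against the package database, since a binary outside the package-managed locations is exactly what the Sysmonitor's search is meant to surface.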

Hostname Resolution Mechanism

The hostname of a managed host is detected by the Management Agent, which reports it to the Management Server. The Management Agent determines the fully qualified domain name (FQDN) and tries to find a globally resolvable hostname rather than simply trusting the name the host reports for itself, because that name is used for host key naming and distribution.

The hostname resolution can be configured using the /etc/opt/ssh-mgmt/agent/agent-sysinfo.dat file on managed hosts. Instructions on configuration options are included in the comments of the file.
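The check the paragraph above describes, picking a globally resolvable FQDN instead of the name the host reports, can be expressed as a forward/reverse DNS consistency test. The following is an added example and not the Management Agent's own resolution logic: it forward-resolves the reported name, reverse-resolves each address, keeps a PTR name only if it resolves back to the same address, and prefers a qualified name. The resolver functions are injectable, and the `SAMPLE_FORWARD`/`SAMPLE_REVERSE` tables are constructed data so the check runs offline; all function names are assumptions.

```python
"""Added example (not the Management Agent's code): decide which FQDN a host
should be registered under and warn when DNS and the host's own name disagree."""
import socket
from typing import Callable, Dict, List, Optional


def default_forward(name: str) -> List[str]:
    """Resolve a name to its IP addresses with the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def default_reverse(ip: str) -> Optional[str]:
    """Reverse-resolve an address to its PTR name, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_hostname(reported: str,
                   forward: Callable[[str], List[str]] = default_forward,
                   reverse: Callable[[str], Optional[str]] = default_reverse) -> Dict:
    """Return the FQDN to use for `reported` plus the warnings raised on the way.
    1) forward-resolve the reported name; 2) reverse-resolve each address;
    3) accept a PTR name only if it forward-resolves back to that address;
    4) prefer a dotted (qualified) name, falling back to the reported name."""
    result = {"reported": reported, "fqdn": None, "addresses": [], "warnings": []}
    addresses = forward(reported)
    result["addresses"] = addresses
    if not addresses:
        result["warnings"].append("reported name does not resolve")
        return result
    candidates = []
    for ip in addresses:
        ptr = reverse(ip)
        if ptr is None:
            result["warnings"].append(f"no PTR record for {ip}")
            continue
        if ip not in forward(ptr):
            result["warnings"].append(f"PTR {ptr} for {ip} does not resolve back")
            continue
        candidates.append(ptr)
    qualified = [name for name in candidates if "." in name]
    if qualified:
        result["fqdn"] = qualified[0]
    elif "." in reported:
        result["fqdn"] = reported
        result["warnings"].append("using reported name; no consistent PTR name found")
    else:
        result["warnings"].append("only a short name is available")
    if result["fqdn"] and result["fqdn"].lower() != reported.lower():
        result["warnings"].append(
            f"DNS name {result['fqdn']} differs from reported name {reported}")
    return result


# Constructed sample DNS data (not a real zone) for an offline run.
SAMPLE_FORWARD = {
    "host1": ["192.0.2.10"],
    "host1.example.test": ["192.0.2.10"],
    "alias.example.test": ["192.0.2.10"],   # same address, but not the PTR name
}
SAMPLE_REVERSE = {"192.0.2.10": "host1.example.test"}


def sample_forward(name: str) -> List[str]:
    return SAMPLE_FORWARD.get(name, [])


def sample_reverse(ip: str) -> Optional[str]:
    return SAMPLE_REVERSE.get(ip)


if __name__ == "__main__":
    # Constructed data first, then the live lookup for this machine.
    print(check_hostname("host1", sample_forward, sample_reverse))
    print(check_hostname(socket.gethostname()))
```

The warnings are the useful output: a host that only knows a short name, or whose PTR record points at a name that does not resolve back, is a host whose key would be distributed under a name other clients cannot look up, which is the situation the agent-sysinfo.dat options exist to correct.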