Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Installing Manually on Windows

On Windows, the initial installation of Management Agents can be done either manually or by using a third-party software deployment system. Initial installation via the Management Server is not supported.

The Management Agent uses and requires the MSI installation package 2.0 format used by the Windows Installer Service. This service is included by default in Windows 2000 SP3 (and later), 2003, and XP, so there is no need to install it separately on these systems.

To install the Management Agent on Windows NT (or Windows 2000 below SP3), you must have previously installed Windows Installer Service 2.0. This also requires that Windows NT is upgraded to Service Pack 6 or later. To install Windows Installer Service, locate and run InstMsiW.exe and follow the instructions. The installation requires rebooting for the service to become active.

On Windows Vista, .NET Framework 3.5 Service Pack 1 is reguired.

To install the Management Agent manually on Windows:

  1. Double-click the ssh-mgmt-agent-<v>-windows-x86.msi file (where <v> is the version number).

  2. Follow these steps in the installation wizard:

    1. At the introduction screen, click Next.

    2. Click the radio button to accept the license and then click Next.

    3. Select a location where you what to install the agent and click Next.

    4. Click Install.

    The wizard will install the Management Agent to the selected directory.

  3. Download a valid ICB from the Management Server administration interface (see Downloading ICBs), and copy it to the Management Agent installation directory:

    C:\Program Files\SSH Communications Security\SSH Tectia Manager\icb.dat

In case of problems, see Problems with Management Agents.

Alternatively, you can use command-line options (detailed in the next section) to perform the installation.

Command-Line Options

When deploying the Management Agent to multiple machines, a silent mode of installation is available. This section lists the command-line options for performing a silent installation.

MSI packages are generally installed from the command line with the following command:

msiexec.exe /i <path_to_msi_file> [options]

A typical script for a silent installation might look like this:

msiexec.exe /i "ssh-mgmt-agent-" /L* "C:\temp\setup.log" 
/qn INSTALLDIR="C:\Program Files\SSH Communications Security\SSH Tectia Manager" 
ICBDIR="H:\Management Settings" 

In this script:

  • /i <path_to_msi_file> specifies to msiexec.exe the MSI file to use.

  • /L* <path_to_log_file> indicates that a log of the installation is written.

  • /qn specifies that the installation should be silent.

  • ICBDIR="<path_to_icb_location>" specifies the directory name where the ICB file can be found.

  • INSTALLDIR="<path_to_installation_location>" specifies the directory name where the agent is installed. If this option is omitted, the default location "C:\Program Files\SSH Communications Security\SSH Tectia Manager" is used.

Installer Details

When deploying the Management Agent on Windows using the command-line scripts, you should know a little about how the installer works. The following is a step-by-step description of the actions the installer typically runs in silent mode or after the Install button has been pressed in the installation wizard mode.

Pre-Installation Phase

1. The installer shuts down any running Management Agent services: ssh-mgmt-sysmonitor.exe

2. The installer uninstalls any existing Management Agents. The installer removes service binary, agent-secsh.dat, and all registry entries associated with the application.

Installation Phase

3. The installer installs the following components to the path specified in the INSTALLDIR option:

  • the service binary: ssh-mgmt-sysmonitor.exe

  • the registry entries associated with the product

  • (Windows NT 4.0 only) Psapi.dll to Windows NT 4.0 systems that do not have it

4. The installer attempts to install the ICB file based on the ICBDIR variable:

  1. If a file named icb.dat is located in the directory specified by the ICBDIR variable passed to the installer, it will be copied to the installation directory.

  2. If no ICBDIR is specified, the installer checks the root of the C:\ drive for the file.

  3. If no icb.dat file exists, nothing happens here.

5. The installer starts the Management Agent service (ssh-mgmt-sysmonitor.exe).

The service is started when the host is rebooted, and it keeps running all the time.

See also Management Agent on Windows.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more