Your browser does not allow storing cookies. We recommend enabling them.


Management Agent on Windows

The Windows version of Management Agent carries out the same tasks as its Unix counterpart. However, its architecture is slightly different.

The Management Agent on Windows consists of:

  • one process

    • ssh-mgmt-sysmonitor.exe

  • one configuration file

    • agent-secsh.dat

  • two scripts

    • start-mgmt-agent.bat

    • stop-mgmt-agent.bat

  • one redistributable DLL for process control (on Windows NT 4.0 only)

    • Psapi.dll

All components are installed from the ssh-mgmt-agent-<v>-windows-x86.msi package (where v is the version number) by Windows Installer service 2.0 (required in the target machine). The agent also requires an ICB file, icb.dat, to be installed in the same directory as the executables at installation time to be able to connect to the Management Server.

Tectia Management Agent Service

The main component of the Management Agent is the service itself. The Management Agent takes care of connecting to the server, receiving updates and informing the server about installed products, status, and so on.

When the service is launched for the first time, it needs an ICB file (icb.dat) to make a connection to the Management Server. If a connection is established, the Management Server sends the Management Agent a configuration which the agent writes to disk (router.dat). The Management Agent then disconnects from the server and reconnects using the router.dat configuration options. From this point on, the icb.dat is no longer used.

If Management Agent is started without either the icb.dat or the router.dat files present (it checks in the directory where the service binary is located), it will wait for a file to appear and then try to connect. Therefore, the service does not have to be restarted if the icb.dat file is installed after the service has been started. The poll interval to check for this file is a few minutes, so if you require the Management Agent to connect immediately, restarting the service will speed things up.

If the host is deleted from the server via the administration interface, it will no longer be able to use the router.dat file to make a connection. In such a situation, the router.dat file located in the installation directory should be removed and a new or existing (if still valid) ICB file will initiate a new configuration for the host.

If the router.dat file is deleted, but a valid ICB file exists, the host will negotiate a new configuration from the server the next time it connects. It will appear as a new host in the system, even if it was already registered there before. In this case, you need to manually delete the old host from the administration interface.

Tectia Management Agent User Monitor

The user monitor component of the Management Agent synchronizes user-specific configuration files between a centrally stored set of configuration files and their own set.

When the Management Agent receives configuration files for Tectia Client they are stored in "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker". Host keys are stored in the "%ALLUSERSPROFILE%\Application Data\SSH\HostKeys" directory.

The user monitor then synchronizes the configuration (and HostKeys) between those centrally stored files and the user's own files, typically stored in %APPDATA%\SSH (and HostKeys subdirectory) for that user.

The user monitor component starts by default when a user logs in, and it is launched from a registry entry placed in:


Therefore, every user logging into the system will be running an instance of the user monitor which will perform their own synchronizations.


When deploying the Management Agent software, if you are logged on while the Management Agent software is installed or upgraded, you will need to log out and log back on to start the user monitor component.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more