

Management Agent on Windows

The Windows version of Management Agent carries out the same tasks as its Unix counterpart. However, its architecture is slightly different.

The Management Agent on Windows consists of:

  • one process

    • ssh-mgmt-sysmonitor.exe

  • one configuration file

    • agent-secsh.dat

  • two scripts

    • start-mgmt-agent.bat

    • stop-mgmt-agent.bat

  • one redistributable DLL for process control (on Windows NT 4.0 only)

    • Psapi.dll

All components are installed from the ssh-mgmt-agent-<v>-windows-x86.msi package (where v is the version number) by Windows Installer service 2.0, which is required on the target machine. To be able to connect to the Management Server, the agent also requires an ICB file, icb.dat, to be installed in the same directory as the executables at installation time.

Tectia Management Agent Service

The main component of the Management Agent is the service itself. The Management Agent takes care of connecting to the server, receiving updates and informing the server about installed products, status, and so on.

When the service is launched for the first time, it needs an ICB file (icb.dat) to make a connection to the Management Server. If a connection is established, the Management Server sends the Management Agent a configuration which the agent writes to disk (router.dat). The Management Agent then disconnects from the server and reconnects using the router.dat configuration options. From this point on, the icb.dat is no longer used.

If Management Agent is started without either the icb.dat or the router.dat files present (it checks in the directory where the service binary is located), it will wait for a file to appear and then try to connect. Therefore, the service does not have to be restarted if the icb.dat file is installed after the service has been started. The poll interval to check for this file is a few minutes, so if you require the Management Agent to connect immediately, restarting the service will speed things up.

If the host is deleted from the server via the administration interface, it will no longer be able to use the router.dat file to make a connection. In such a situation, remove the router.dat file located in the installation directory; a new ICB file, or the existing one if it is still valid, will then initiate a new configuration for the host.

If the router.dat file is deleted, but a valid ICB file exists, the host will negotiate a new configuration from the server the next time it connects. It will appear as a new host in the system, even if it was already registered there before. In this case, you need to manually delete the old host from the administration interface.

Tectia Management Agent User Monitor

The user monitor component of the Management Agent synchronizes user-specific configuration files between a centrally stored set of configuration files and each user's own set.

When the Management Agent receives configuration files for Tectia Client, they are stored in "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker". Host keys are stored in the "%ALLUSERSPROFILE%\Application Data\SSH\HostKeys" directory.

The user monitor then synchronizes the configuration (and HostKeys) between those centrally stored files and the user's own files, typically stored in %APPDATA%\SSH (and HostKeys subdirectory) for that user.
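To check whether a user's host key files match the centrally stored set described above, a read-only comparison such as the following can be run in that user's session. This is an added example, not part of the product or its documentation; the default paths are the ones named on this page, while the function name Get-HashMap and the choice to compare files by name and SHA-256 hash are assumptions of the example.

```powershell
# Added example: read-only drift report between the central and per-user HostKeys folders.
# Default paths come from this page; override them if your installation differs.
param(
    [string]$CentralDir = (Join-Path $env:ALLUSERSPROFILE 'Application Data\SSH\HostKeys'),
    [string]$UserDir    = (Join-Path $env:APPDATA 'SSH\HostKeys')
)

function Get-HashMap([string]$Dir) {
    # Map file name -> SHA-256 hash; a missing directory yields an empty map.
    $map = @{}
    if (Test-Path -LiteralPath $Dir -PathType Container) {
        Get-ChildItem -LiteralPath $Dir -File | ForEach-Object {
            $map[$_.Name] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } else {
        Write-Warning "Directory not found: $Dir"
    }
    return $map
}

$central = Get-HashMap $CentralDir
$user    = Get-HashMap $UserDir
$names   = @($central.Keys) + @($user.Keys) | Sort-Object -Unique

# Classify every file name seen on either side (assumption: files pair up by name).
$report = foreach ($name in $names) {
    $state = if (-not $user.ContainsKey($name)) {
        'CentralOnly'   # present centrally, not yet in the user's folder
    } elseif (-not $central.ContainsKey($name)) {
        'UserOnly'      # exists only in the user's folder
    } elseif ($central[$name] -ne $user[$name]) {
        'Different'     # same name, different content
    } else {
        'InSync'
    }
    [pscustomobject]@{ File = $name; State = $state }
}

$drift = @($report | Where-Object State -ne 'InSync')
if ($drift.Count -gt 0) {
    $drift | Format-Table -AutoSize
} else {
    'No drift found.'
}
```

The script only reads and hashes files. Entries reported as UserOnly or Different are the ones to review against the centrally managed set.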

The user monitor component starts by default when a user logs in, and it is launched from a registry entry placed in:


Therefore, every user logging into the system will be running an instance of the user monitor which will perform their own synchronizations.


When deploying the Management Agent software, if you are logged on while the Management Agent software is installed or upgraded, you will need to log out and log back on to start the user monitor component.



