Creating and Installing the Key Manager Agent ICB file
After you have installed the Key Manager agent on a host, the agent must be configured with an Initial Configuration Block (ICB). The ICB is used to configure the Key Manager agent with the necessary parameters for connecting to the Key Manager Server.
Creating a new ICB File
You need an agent ICB file for establishing agent-based connections. By default, Key Manager deployments come with an initial ICB file, which can be used to add agent-based hosts to the managed environment. If you opt to use the initial ICB file, you can skip ICB file creation.
You can review your current ICB files on the agent ICB page. The steps below explain how to access this page.
To create an ICB file for configuring Key Manager agents:
- Access the agent ICB page by navigating to the Hosts page and clicking Add Hosts. Then select agent-based, and click Next.
- Under the Create new ICB file section, specify the following values for the new ICB:
  - A name that is unique among ICBs in the Key Manager system.
  - (Optional) A host group. If specified, the Key Manager agent will automatically add its host to this host group during its first connection to the Key Manager Server.
- Click Create ICB to create the ICB file.
To create an ICB file via the command-line client, use the create-icb command (note that hostgroupid is optional):
$ ssh-mgr-client create-icb -d name="Test ICB",hostgroupid=99
For detailed documentation about the relevant command-line client commands, see the PrivX Key Manager Administrator Manual.
Downloading and Installing the ICB File
Key Manager agents are configured to connect to Key Manager using an ICB file. ICB files must be downloaded from Key Manager, then installed on the agent-based host.
To download an existing ICB file via the GUI:
- Access the agent ICB page by navigating to the Hosts page and clicking Add Hosts. On that page, select agent-based, and click Next.
- Next to the ICB file you want to download, click Download.
Alternatively, using the command-line client:
- (Optional) To determine the ICB files available in the system, use list-icbs:
  $ ssh-mgr-client list-icbs -H -C id,name
- Download the ICB file using download-icb:
  $ ssh-mgr-client download-icb -i 99
For detailed documentation about the relevant command-line client commands, see the PrivX Key Manager Administrator Manual.
After you have downloaded the ICB file, you need to install it on your agent-based hosts:
- On Unix hosts, use the ICB utility to configure the agent with the ICB file (replace path/to/agent-icb.json with the path to your downloaded ICB file):
  # /opt/sshmgr-agent/bin/ssh-agent-install-icb path/to/agent-icb.json
- On Windows hosts, the ICB file must be placed in the directory where the agent package was installed. The default directory is:
  C:\Program Files (x86)\SSH Communications Security\SSH UKM Agent
Do not use text editors to open and save ICB files. Text editors such as Notepad may introduce whitespace into the ICB file, which may prevent the Key Manager agent from working correctly.
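One way to confirm that an ICB file was not altered between download and installation is to compare its digest on the agent host with a digest recorded right after download. The following is an added example, not part of the product documentation; the function names are hypothetical, and it assumes sha256sum and the standard POSIX utilities are available on the host.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# Assumes sha256sum, head, od, tr, cut and grep are available on the host.

# Print the hex SHA-256 digest of a file.
icb_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# icb_check FILE EXPECTED_SHA256
# Returns 0 if FILE still matches the digest recorded at download time,
# 1 if it was altered, 2 if it cannot be read.
icb_check() {
    icb_file=$1
    icb_expected=$2
    [ -r "$icb_file" ] || { echo "cannot read $icb_file" >&2; return 2; }
    icb_actual=$(icb_sha256 "$icb_file")
    [ "$icb_actual" = "$icb_expected" ] && return 0
    echo "digest mismatch for $icb_file; download the ICB again" >&2
    # Hints for the usual editor damage: a UTF-8 BOM or CRLF line endings.
    if [ "$(head -c 3 "$icb_file" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "  file starts with a UTF-8 byte order mark" >&2
    fi
    if grep -q "$(printf '\r')" "$icb_file"; then
        echo "  file contains carriage returns" >&2
    fi
    return 1
}

# Demonstration on constructed stand-in files (a real ICB comes from Key Manager).
# Prints the two return codes: intact copy first, editor-damaged copy second.
icb_demo() {
    icb_tmp=$(mktemp -d) || return 2
    printf '{"constructed":"sample"}\n' > "$icb_tmp/agent-icb.json"
    icb_ref=$(icb_sha256 "$icb_tmp/agent-icb.json")
    # Simulate an editor re-saving the file with a BOM and a CRLF line ending.
    printf '\357\273\277{"constructed":"sample"}\r\n' > "$icb_tmp/edited.json"
    icb_check "$icb_tmp/agent-icb.json" "$icb_ref" && icb_r1=0 || icb_r1=$?
    icb_check "$icb_tmp/edited.json" "$icb_ref" 2>/dev/null && icb_r2=0 || icb_r2=$?
    rm -rf "$icb_tmp"
    echo "$icb_r1 $icb_r2"
}
```

Run icb_check against the copied file on the agent host before passing it to ssh-agent-install-icb, and treat any non-zero return as a reason to transfer the file again.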