Skip to main content

Agent and Agent-Monitor Options

The agent monitor controls the execution of the Key Manager agent: The Key Manager agent process is started and stopped whenever the agent monitor is respectively started/stopped. Furthermore, the agent monitor can automatically restart the Key Manager agent to recover from certain failure scenarios.

The agent monitor can be executed with options to change its behavior. The syntax for doing this is the following for all the supported Unix platforms:

# /opt/sshmgr-agent/sbin/ssh-agent-monitor [options]

The following options are available for the agent monitor:

-D

Print agent-debug output to stderr.

-u user_id

Run the agent as the user with the given user_id, instead of the root user.

-g group_id

Run the agent using the group with the given group_id, instead of the root group.

The Key Manager agent can be executed on its own without the agent monitor. The syntax for executing the Key Manager agent (without the agent monitor) is the following on all the supported Unix-agent platforms:

# /opt/sshmgr-agent/sbin/ssh-key-agent [options]

The available options for the Key Manager agent are as follows:

-D LEVEL, --debug=LEVEL

Set debug level string to LEVEL, where LEVEL is an integer from 0 to 5 (inclusive). Greater value
produces more output.

-f, --filelog

Log agent messages to stderr.

-s, --syslog

Log agent messages to syslog.

-V, --version

Display program version and exit.

-h, --help

Display help for the Key Manager agent.

note

Key Manager agent logging behavior should be primarily set using Key Manager host settings;
We recommend using Key Manager agent command-line options only for temporary log-
behavior changes, such as for troubleshooting purposes. When using of the command-line
options for logging behavior (--debug, --syslog, or --filelog), the logging settings obtained
from Key Manager host settings are ignored. For more information about host settings that affect
agent logging, see the PrivX Key Manager Administrator Manual.

When starting the Key Manager agent via the agent monitor, the agent user and group can also
be changed by setting the agent_uid and the agent_gid values in the agent-monitor init script.

The user running the Key Manager agent must have sufficient permissions for running
Key Manager management operations. By default, the agent is run as root, which should
automatically provide all the necessary permissions to the agent. Non-privileged users can be
given sufficient permissions, for example, using privilege-elevation utilities like sudo or pmrun.
For more information about granting required privileges to non-privileged users, see the PrivX
Key Manager Administrator Manual.