Setting Up Key Manager Agents
This chapter covers the necessary procedures for installing and configuring the agent package on various platforms, and for configuring the Key Manager agent.
A Key Manager agent is a small application that may be installed on a host that is to be managed by Key Manager. Hosts equipped with Key Manager agents initiate the management connection toward the Key Manager back end. Therefore the Key Manager back end does not need access credentials to agent- based hosts.
To enable agent-based connections between a host and the Key Manager Server, the target host must have a Key Manager agent installed on it. Additionally, Key Manager agents must be configured with an Initial Configuration Block (ICB) file.
A Key Manager agent is not the same thing as an SSH agent.
Hosts can also be managed using agentless connections, which do not require a Key Manager agent to be installed on the hosts. The differences between management connection types are detailed in Planning the Key Manager System Deployment.
# rpm -Uvh sshmgr-agent-X.Y.Z-linux-x86.rpm
You should modify the command to the following form:
# rpm -Uvh sshmgr-agent-6.3.0.49-linux-x86.rpm
If the directory only contains one version of the agent package, you can use a wildcard in place of the version string:
# rpm -Uvh sshmgr-agent-*-linux-x86.rpm
Agent packages are platform-specific. Make sure you install the agent package that is appropriate for the intended platform.
On Rocky Linux, newly created accounts have no passwords, and are locked. To unlock newly created accounts, you must assign them a password. On Key Manager back-end machines running Rocky Linux, the sshmgr user must be unlocked for agents to function.