
Agent Connector Install: Ubiquity EdgeRouter X
Agent Connector Install: Ubiquity EdgeRouter X
The Ubiquity EdgeRouter X (ER-X/ER-X SFP) is a small-form factor router. In addition to performing routing services, it is a good vantage point to run the Agilicus Agent Connector.
The below instructions were tested on an EdgeRouter X SFP with v2.0.9, specifically:
# cat /etc/version
EdgeRouter.ER-e50.v2.0.9-hotfix.2.5402463.210511.1317
To install, first obtain the binary. You may do this on your workstation and then ‘scp’ the file to the router. Or, if you prefer, you may fetch it directly on the router:
curl -k https://www.agilicus.com/www/releases/secure-agent/stable/agilicus-agent-mipsle > /tmp/agilicus-agent-mipsle
chmod a+rx /tmp/agilicus-agent-mipsle
Note: Missing Let’s Encrypt Intermediary
The above command uses the -k switch to curl. This is not a best practice. The ER-X is missing the Let’s Encrypt Intermediary certificate (see link for more info). A better practice would be to install the correct certificate chain. You can do this if you wish by running the following commands from the ssh-interface of your ER-X. These are not required for the proper operation of the Agilicus Agent Connector.
curl -k https://letsencrypt.org/certs/lets-encrypt-r3.pem -o /etc/ssl/certs/lets-encrypt-r3.pem
sed -i ‘/^mozilla\/DST_Root_CA_X3/s/^/!/’ /etc/ca-certificates.conf
update-ca-certificates
Once the Agilicus Agent Connector is available, you will install it. This creates a service account (derived from your administrative privileges). A sample command line is offered in the Agilicus admin porttal, which may be pasted into the ssh shell.
Once you run this command, you will see output as below. Select the URL you are given, open it in your browser, and you will see a code. Paste this back into the ssh shell after it says ‘Enter verification code’.
You are now complete. The Agilicus Agent Connector can now be configured from the Admin portal (https://admin.YOURDOMAIN) as on all other platforms.
The Agilicus Agent Connector will self-update over time, no intervention is required.
We may check the status once installed as below.
Logs (if any) are generated to /var/log/messages (e.g. run ‘tail -F /var/log/messages’)
# systemctl status agilicus-agent
* agilicus-agent.service - Agilicus Agent
Loaded: loaded (/etc/systemd/system/agilicus-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-04-02 20:52:48 UTC; 25min ago
Main PID: 2311 (agilicus-agent)
CGroup: /system.slice/agilicus-agent.service
`-2311 /usr/bin/agilicus-agent client --cfg-file /etc/agilicus/agent/agent.conf.enc.yaml
Sample Install Log
The complete log of a sample install is below (in Sample Install log). Note that the agent-id has been replaced with XXXX, the url with auth.YOURDOMAIN.
root@EdgeRouter # /tmp/agilicus-agent-mipsle client --noauth-local-webserver --install --agent-id XXXXXX --oidc-issuer https://auth.YOURDOMAIN
INFO[2022-04-02T20:47:18.73380792Z] Starting client - version v0.103.0-2-g6426ea9
INFO[2022-04-02T20:47:20.051496565Z] Logging in...
Please go to the following link in your browser to retrieve the authentication
code:
https://auth.YOURDOMAIN/auth?client_id=agilicus-builtin-agent-connector&code_challenge=XXX&code_challenge_method=S256&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=openid+profile+email+offline_access+urn%3Aagilicus%3Aapi%3Aapplications%3Areader%3F+urn%3Aagilicus%3Aapi%3Aapplications%3Aowner%3F+urn%3Aagilicus%3Aapi%3Atraffic-tokens%3Aowner+urn%3Aagilicus%3Aapplication_service%3A%2A%3Aowner%3F&state=1648932440
Enter verification code: XXXXX
INFO[2022-04-02T20:47:33.654454145Z] Check if the agilicus-agent is already running as a service. If so stop it
INFO[2022-04-02T20:47:33.861799231Z] Create a directory at /etc/agilicus/agent
INFO[2022-04-02T20:47:33.86742643Z] Download public key file to /etc/agilicus/agent/public_key.json
INFO[2022-04-02T20:47:34.20758654Z] Create file /usr/bin/agilicus-agent-wrapper.sh
INFO[2022-04-02T20:47:34.208133734Z] Create file /etc/systemd/system/agilicus-agent.service
INFO[2022-04-02T20:47:34.214705946Z] Will install to /agilicus-agent-wrapper.sh -> {/usr/bin/agilicus-agent-wrapper.sh -rwxr-xr-x}
INFO[2022-04-02T20:47:34.222935941Z] Will install to /agilicus-agent.service -> {/etc/systemd/system/agilicus-agent.service -r--r--r--}
INFO[2022-04-02T20:47:34.228903565Z] Create a directory at /opt/agilicus/agent/tufmetadata/latest
INFO[2022-04-02T20:47:34.229172542Z] Create a directory at /opt/agilicus/agent/tufmetadata/stable
INFO[2022-04-02T20:47:34.231506505Z] Setup Agilicus secure store
INFO[2022-04-02T20:47:34.231803289Z] Create secure keyring for storing communication credentials in /etc/agilicus/agent
INFO[2022-04-02T20:50:22.200333955Z] Fetch agent configuration
INFO[2022-04-02T20:50:22.200632541Z] Write agent configuration file in /etc/agilicus/agent/agent.conf.enc.yaml
INFO[2022-04-02T20:50:23.331884724Z] Create a user and group named Agilicus to run the agilicus-agent service
INFO[2022-04-02T20:50:23.33220672Z] Copy executable to /opt/agilicus/agent
INFO[2022-04-02T20:50:23.332398268Z] Set permissions to Agilicus on /opt/agilicus/agent
INFO[2022-04-02T20:50:23.332631605Z] Create symlink from /usr/bin/agilicus-agent to /opt/agilicus/agent/agilicus-agent-mipsle
INFO[2022-04-02T20:50:24.193528983Z] Start agilicus-agent service
INFO[2022-04-02T20:50:25.230790359Z] Installation Complete
Related Configuration
Return to Product Configuration
- Resources – Overview, Concepts
- Connect to VTScada – Adding a Web Application
- Web Application Security
- Administrative Users
- Define Application: Proxy
- Authorisation rules
- Agent Connector Install: Raspberry Pi
- Linux, FreeBSD, Embedded Agent Connector Install
- Agent Connector Install: Ubiquity EdgeRouter X
- Audit Destinations
- Agent Connector Install: Netgate SG-1100 pfSense
- Identity Group Mapping
- Billing
- Auto-Create Users From Specific Domain With Google Workplace
- Organisation
- Authentication Audit
- Authentication Issuer
- Signup
- Microsoft ClickOnce
- Groups
- Agilicus Agent Windows Cluster
- Launchers
- Forwarding
- Usage Metrics
- Service Accounts
- Connectors
- Identity & Authentication Methods
- Content Security Policy
- Users
- Sign-In Theming
- Sign in With Apple
- Azure Active Directory
- Sign in With Microsoft
- Agilicus Agent (Desktop)
- Agent-Connector
- Zero-Trust SSH Access
- Theory of Operation: CNAME + DOMAIN
- Zero-Trust Desktop Access
- Command Line API Access
- Applications
- Permissions
- Profile
- Multi-Factor Authentication
- Authentication Rules
- Application Request Access
- OpenWRT Agent Connector Install
- Synology Agent Connector Install
- Authentication Clients
- Authentication Rules
- Shares
- Services
- Resource Permissions
- Resource Groups
- Legacy Active Directory