OpenBSD Agent Installation

Overview

The Knocknoc OpenBSD Agent is orchestration software for managing just-in-time network access. It runs as the unprivileged _knocknoc-agent user, connects to your Knocknoc server over WebSocket, and enforces access locally through the configured integrations.

On OpenBSD the Knocknoc agent is typically used to manage pf, but it can also drive remote integrations such as PAN-OS, Firepower, Sophos and AWS.

For more information on the ways the Knocknoc agent can be used, check out the Linux agent guide.

Requirements

  • A supported OpenBSD release.
  • Network egress to your Knocknoc server.
  • (Only for initial installation) Network egress to packages.knocknoc.io.
  • (Only for initial installation) Root access on the host.

Installation

Run this command as root to install the agent:

ftp -o - https://packages.knocknoc.io/setup/setup_knocknoc_agent.sh | sh

This installs the agent, configures it, enables firewall access and starts it as a service.

Process:

  1. Log into your Knocknoc server admin console.
  2. Go to Agents and create a new agent with a meaningful name.
  3. Copy the generated registration token.
  4. Log into your OpenBSD host as root.
  5. Run the installation command above.
  6. Provide the Knocknoc server hostname (include a non-standard port if needed).
  7. Paste the agent token from the admin console.

To update later, re-run the same command.

Service management

The agent runs as the knocknoc_agent service:

rcctl restart knocknoc_agent
rcctl stop knocknoc_agent
rcctl check knocknoc_agent      # is it running?

Logs go to syslog at /var/log/daemon.
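
A post-install check, added here as an example and not part of Knocknoc's own tooling: it confirms the service is up, that every process whose command line contains "knocknoc" runs under the _knocknoc-agent uid, and prints the most recent agent log lines. The match string "knocknoc" and the function names are assumptions; the service name, account and log path are the ones given on this page.

```shell
#!/bin/sh
# Added example, not Knocknoc's code. Run as root on the OpenBSD host.
AGENT_USER="_knocknoc-agent"   # account named on this page
AGENT_SVC="knocknoc_agent"     # rc.d service named on this page

# Reads `ps -o uid,command` output on stdin and compares every process whose
# command line contains "knocknoc" (assumed match string) against uid $1.
# Exit status: 0 = all matches run as $1, 1 = some do not, 2 = nothing matched.
check_agent_uid() {
    awk -v want="$1" '
        $1 !~ /^[0-9]+$/ { next }                 # skip the header line
        {
            cmd = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", cmd)   # drop the uid column
            if (index(cmd, "knocknoc") == 0) next
            seen++
            if ($1 != want) { bad++; print "unexpected uid " $1 ": " cmd }
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    '
}

verify_host() {
    rcctl check "$AGENT_SVC" || { echo "service not running"; return 1; }
    uid=$(id -u "$AGENT_USER") || { echo "no $AGENT_USER account"; return 1; }
    [ "$uid" -ne 0 ] || { echo "$AGENT_USER maps to uid 0"; return 1; }
    # Snapshot the process list first so the awk filter cannot match itself.
    procs=$(ps -axww -o uid,command)
    printf '%s\n' "$procs" | check_agent_uid "$uid" || return 1
    # Last few agent lines from the log file the page names.
    grep -i knocknoc /var/log/daemon | tail -n 5
}

# Only run the live checks where rcctl exists (i.e. on OpenBSD).
if command -v rcctl >/dev/null 2>&1; then
    verify_host
fi
```

Save the script under a file name that does not contain "knocknoc"; otherwise the root shell running it is itself reported as a mismatch.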

Updating

Re-run the install command to update the agent to the latest version:

ftp -o - https://packages.knocknoc.io/setup/setup_knocknoc_agent.sh | sh

Your existing config is kept, and the service restarts on the new version.

Uninstalling

pkg_delete knocknoc-agent

Your config and the agent's data folder are left in place so a reinstall keeps working.