Skip to content

Installation on Linux (Asset Mode)

XplicitTrust can run on Linux systems in two modes:

  • Client Mode: for regular users to access services (like SSH, HTTPS, remote desktop, etc).

  • Asset Mode: services (like SSH, HTTPS, remote desktop, etc) can be remotely accessed from an XplicitTrust client, or from another system running in asset mode.

On this page are the instructions for Asset Mode.

Installation

We support both Debian-based and RPM-based Linux distributions.

To install the XplicitTrust agent, run: 

[ "$EUID" -ne 0 ] && SUDO=/usr/bin/sudo
$SUDO apt update
$SUDO apt -y install wget
wget https://dl.xplicittrust.com/xtna-agent_amd64.deb
$SUDO apt -y install ./xtna-agent_amd64.deb

To install the XplicitTrust agent, run: 

[ "$EUID" -ne 0 ] && SUDO=/usr/bin/sudo
$SUDO dnf check-update
$SUDO dnf install -y wget
wget https://dl.xplicittrust.com/xtna-agent_amd64.rpm
$SUDO dnf install -y ./xtna-agent_amd64.rpm

Configuration

  1. To register the machine as an asset and (optionally) add it to the default policy run: 
    sudo /usr/sbin/xtna-util -user <XplicitTrust admin email address> -default-policy
  2. Open the URL that xtna-util returns in a browser to authenticate.

  1. Go to the admin console settings page

  2. Create a new "Asset Creation Token", configure it, download and store it in a secure place

  3. Use the token to register assets

sudo /usr/sbin/xtna-util -domain <tenant domain> -token <token>

  1. Go to the admin console assets page

  2. Click "Create new" button, fill out form, click "Apply"

  3. Click "Download Config" icon at top of the form box:

    Running

  4. Copy the configuration to the asset and run:

sudo /usr/sbin/xtna-util -import xtna-*.xtconfig

Tested Linux Distributions

Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04, Ubuntu 23.04, Debian Bullseye 11 and newer versions, Rocky 8, Rocky 9

Troubleshooting

XplicitTrust Network Access can be used in virtual machines and containers (Docker, Podman, LXC, ...). For containers, the host's Linux kernel (version 5.6 or newer) must support WireGuard. Please note that templates and clones of virtual machines and containers must not include the directory 

```
/etc/XplicitTrust/
```  
and the file
```
/etc/xt-machine-id 
``` !

If the registration fails or the agent is not able to get Online check that outgoing HTTPS connections (TCP port 443) are allowed. For the best experience, allow outgoing connections on UDP port range 51820 - 60000.

Consult the FAQ to learn more about troubleshooting firewalls.