Installation on Raspberry Pi
On Raspberry Pi systems, the agent runs in asset mode.
Asset mode means services (like SSH, HTTPS, remote desktop, etc) can be remotely accessed from an XplicitTrust client, or from another system running in asset mode.
Installation
To install the XplicitTrust agent, run:
sudo apt update
sudo apt --yes install wireguard wireguard-tools wget iptables ipset
ARCH=$(sudo dpkg --print-architecture)
wget https://dl.xplicittrust.com/xtna-agent_${ARCH}.deb
sudo dpkg -i xtna-agent_${ARCH}.deb
Configuration
- To register the machine as an asset and (optionally) add it to the default policy run:
sudo /usr/sbin/xtna-util -user <XplicitTrust admin email address> -default-policy - Open the URL that xtna-util returns in a browser to authenticate.
-
Go to the admin console settings page
-
Create a new "Asset Creation Token", configure it, download and store it in a secure place
-
Use the token to register assets
sudo /usr/sbin/xtna-util -domain <tenant domain> -token <token>
-
Go to the admin console assets page
-
Click "Create new" button, fill out form, click "Apply"
-
Click "Download Config" icon at top of the form box:
-
Copy the configuration to the asset and run:
sudo /usr/sbin/xtna-util -import xtna-*.xtconfig
Supported Versions and Architectures
Tested for Raspbian / Raspberry Pi OS / Debian GNU/Linux 10 and newer versions on armhf and arm64
Troubleshooting
When creating a read-to-run image file for the Raspberry Pi, the directory
```
/etc/XplicitTrust/
```
and the file
```
/etc/xt-machine-id
```
must not be part of the image! We recommended the token-based asset registration described under "Unattended provisioning".
If the registration fails or the agent is not able to get Online check that outgoing HTTPS connections (TCP port 443) are allowed. For the best experience, allow outgoing connections on UDP port range 51820 - 60000.
Consult the FAQ to learn more about troubleshooting firewalls.