Linux Installation

Install the OnePAM agent on Linux servers with systemd service management.

System Requirements

Hardware
  • x86_64 or arm64 architecture
  • 50MB disk space
  • 50MB RAM (typical usage)
Software
  • Linux kernel 4.9+ (4.15+ recommended)
  • Root access or CAP_BPF capability
  • systemd (for service management)
  • Outbound HTTPS (443) to onepam.com and updates.onepam.com

Quick Install

Run this one-liner to install the agent with default settings: 

curl -sSL https://onepam.com/install/YOUR_ORG_UUID | sudo bash

The installer downloads and verifies agent artifacts from updates.onepam.com.

Manual Installation

For more control, follow these steps:

1. Download the agent binary
# Download the latest release
curl -LO https://updates.onepam.com/agent/latest/onepam-agent-linux-amd64

# Make executable
chmod +x onepam-agent-linux-amd64

# Move to installation directory
sudo mkdir -p /opt/onepam/bin
sudo mv onepam-agent-linux-amd64 /opt/onepam/bin/onepam-agent
2. Create directories and configuration
# Create directories
sudo mkdir -p /opt/onepam/data/queue /opt/onepam/etc

# Create configuration file
sudo tee /opt/onepam/etc/agent.env <<EOF
AGENT_API_URL=https://onepam.com
AGENT_TENANT_ID=00000000-0000-0000-0000-000000000000
AGENT_LOG_LEVEL=info
EOF
3. Create systemd service
sudo tee /etc/systemd/system/onepam-agent.service <<'EOF'
[Unit]
Description=OnePAM Agent
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
EnvironmentFile=/opt/onepam/etc/agent.env
ExecStart=/opt/onepam/bin/onepam-agent \
    --server=${AGENT_API_URL} \
    --tenant-id=${AGENT_TENANT_ID}
Restart=always
RestartSec=10
LimitNOFILE=65536
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target
EOF
4. Start the service
# Reload systemd
sudo systemctl daemon-reload

# Enable and start
sudo systemctl enable onepam-agent
sudo systemctl start onepam-agent

# Check status
sudo systemctl status onepam-agent

Distribution-Specific Notes

On Ubuntu 16.04+ and Debian 8+, the agent works out of the box on any version with systemd.

On RHEL 7+ / CentOS 7+ / Rocky 8+:

# Ensure bpftool is available
sudo dnf install bpftool

# SELinux may require additional configuration
sudo setsebool -P container_use_devices on

On openSUSE Leap 42.1+ / SLES 12+:

# Install required tools
sudo zypper install bpftool

For Linux distributions that do not include systemd (e.g. Debian 7 and earlier, Ubuntu 14.04 and earlier, CentOS 6, RHEL 6, SLES 11, or any distribution using SysVinit/Upstart), the local agent cannot be installed.

Use the Gateway SSH Proxy instead. The gateway authenticates and proxies SSH connections without requiring any software on the target server:

  • No agent installation needed on the target server
  • Works with any Linux distribution regardless of init system
  • Shields outdated OpenSSH versions from zero-day exploits
  • Full SSO, MFA, and session recording at the gateway

Verification

Check Service Status
sudo systemctl status onepam-agent

# Expected output:
# ● onepam-agent.service - OnePAM Agent
#      Loaded: loaded (/etc/systemd/system/onepam-agent.service; enabled)
#      Active: active (running)
View Logs
# Follow logs
sudo journalctl -u onepam-agent -f

# Look for these success indicators:
# [agent] Starting agent v1.0.0
# [agent] Agent registered successfully
# [agent] SSH proxy ready on :2222
Success! If the agent is running and logs show successful registration, you should see the server appear in your OnePAM dashboard within 1-2 minutes.

Uninstallation

# Stop and disable service
sudo systemctl stop onepam-agent
sudo systemctl disable onepam-agent

# Remove files
sudo rm -rf /opt/onepam
sudo rm -rf /opt/onepam/etc
sudo rm /etc/systemd/system/onepam-agent.service

# Reload systemd
sudo systemctl daemon-reload