Pre-generating Endpoints
CyberHive Connect clients automatically generate cryptographic keys and exchange them with the server during registration. Alternatively, it is possible to pre-generate an endpoint.
Pre-generation enables you to download the client-side configurations and cryptographic keys, so that they may be placed on a client prior to initial registration. This can be useful in scenarios where connectivity is limited, for example when using satellite connectivity.
The keys and configuration are generated using the Connect control service, and are downloaded within a password-protected, AES-256 encrypted zip file. The client files may then be transferred to the client using off-line media, such as a USB drive.
Preparing to pre-generate an Endpoint
For pre-generation of an endpoint to succeed, the containing Organisation must have been set up with access control configured appropriately for your use case.
For further information, see the tutorial.
Pre-generating an Endpoint
In the Connect control service, navigate to your Organisation, and select the Endpoints tab.
Select the Pre-Generate Endpoint option. You will be prompted for the new endpoint name:
Enter the new endpoint name and click the Pre-Generate button. The name of the zip file plus the password will be displayed for you to copy:
Click the Download Zip File button to download the zip file.
Approval and primary user
Navigate to the new endpoint. You must approve the endpoint and set the correct primary user.
DNS
Once an Endpoint is approved, a DNS record is automatically created for it. See the Connect and DNS guide for more information.
Placing the pre-generated files on the client
Transfer the zip file to the client machine.
You will need a program that supports AES-256 encrypted zip files to access the contents of the zip file. Examples include 7-Zip, PKZIP, and WinZip.
The files within the zip file must be placed in a specific directory.
On Windows this is C:\Windows\System32\config\systemprofile\AppData\Local\CyberHive\Connect
On Linux this is /root/.config/cyberhive-connect
Configuring the client settings
Info
See Configuration Options for more information on the available settings.
Configure the client settings as per the Linux or Windows how-to.
For example, on Linux, a configuration in /etc/default/cyberhive-connect would contain the following:
CONNECT_SERVER=https://control-service.connect.cyberhive.com/
[email protected]
CONNECT_AUTH_TOKEN=d437e0e6a48421712731c18a87585bd0a800173e
CONNECT_LISTEN_PORT=18025
CONNECT_OVERRIDE_HOSTNAME=endpoint-1
Hostnames
Endpoint hostnames can contain only letters, numbers, and hyphens and must be 63 characters or fewer in length.
Valid hostnames look like desktop-pc, DESKTOP-PC, or DesktopPC.
Invalid hostnames look like desktop_pc, DESKTOP PC, desktop--pc, or -DesktopPC.
Hostnames must also be unique within an Organisation, compared case-insensitively. For example, desktop-pc, Desktop-PC, and DESKTOP-PC are identical in Connect.
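The following is an added example, not part of the CyberHive documentation or product: a pre-flight check that applies the hostname rules above to a planned list of endpoint names and to the CONNECT_OVERRIDE_HOSTNAME value in a client configuration, before the files are carried to an offline client. The function names and sample data are hypothetical; ASCII-only letters and digits are assumed, and the leading-hyphen and double-hyphen checks are inferred from the invalid examples above.

```python
import re

MAX_LEN = 63
# Assumption: "letters" and "numbers" mean ASCII letters and digits.
ALLOWED = re.compile(r"[A-Za-z0-9-]+")

def hostname_problems(name):
    """Return the reasons a name breaks the hostname rules (empty list = OK)."""
    if not name:
        return ["empty"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append("longer than 63 characters")
    if not ALLOWED.fullmatch(name):
        problems.append("characters other than letters, numbers and hyphens")
    # Inferred from the invalid examples (-DesktopPC, desktop--pc), not stated rules.
    if name.startswith("-"):
        problems.append("starts with a hyphen")
    if "--" in name:
        problems.append("consecutive hyphens")
    return problems

def override_hostname(env_text):
    """Extract CONNECT_OVERRIDE_HOSTNAME from KEY=VALUE text, or None."""
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "CONNECT_OVERRIDE_HOSTNAME":
            return value.strip().strip("\"'")
    return None

def check_plan(names):
    """Validate planned names in order, flagging case-insensitive duplicates."""
    seen, report = {}, []
    for name in names:
        problems = hostname_problems(name)
        key = name.lower()
        if key in seen:
            problems.append(f"same as {seen[key]} (case-insensitive)")
        else:
            seen[key] = name
        report.append((name, problems))
    return report

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = "CONNECT_LISTEN_PORT=18025\nCONNECT_OVERRIDE_HOSTNAME=endpoint-1\n"
SAMPLE_PLAN = ["desktop-pc", "Desktop-PC", "desktop_pc", "-DesktopPC", "x" * 64]

if __name__ == "__main__":
    print(override_hostname(SAMPLE_ENV))
    for name, problems in check_plan(SAMPLE_PLAN):
        print(f"{name!r}: {'ok' if not problems else '; '.join(problems)}")
```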