SSH Tectia 

SSH-CERTD(8)                   SSH2                  SSH-CERTD(8)

       ssh-certd  - Secure Shell Certificate Validator on z/OS

       ssh-certd [-d debug_level_spec] [-f config_file]
       [-o options] [-l listener-path] [-F] [-v] [-V] [-q]

       ssh-certd (Secure Shell Certificate Validator) is a common
       process  for  validating  certificates,  used primarily by
       sshd2 when validating user certificates. Without a  common
       place  for  the  validations,  all the data needed for the
       validation would need to be duplicated  in  every  process
       doing  the  validations.  This  would  be very inefficient
       especially in cases where very large CRLs are to be  used.
       ssh-certd  allows  CRLs  and  CA certificates to be loaded
       only once and then used for all subsequent validations.

       ssh-certd  is  normally  started   at   boot   time   from
       /etc/rc.local or equivalent. It opens a listener socket by
       default at /tmp/ssh-certd-listener. The  location  of  the
       listener can be changed with the CertdListenerPath keyword
       of sshd2_config.

       ssh-certd can be configured using command-line options or
       a configuration file. Command-line options override values
       specified in the configuration file. ssh-certd reads
       configuration data from /etc/ssh2/ssh_certd_config (or the
       file specified with -f on the command line). By default,
       the configuration file contains only the keyword
       UseSSHD2ConfigFile, which instructs ssh-certd to read the
       specified sshd2 configuration file in compatibility mode,
       where the configuration options of sshd2 are silently
       ignored, and only the options relating to certificate or
       general daemon configuration are read.

       -d debug_level_spec
              Debug mode. The server sends verbose debug output
              to stderr. This option is only intended for
              debugging the server. The debugging level is either
              a number, or a comma-separated list of assignments
              of the format ModulePattern=debug_level, for
              example "*=10,sshd2=2". This should be the first
              argument on the command line.

       -f configuration_file
              Specifies  the name of the configuration file.  The
              default is  /etc/ssh2/ssh_certd_config.   Note:  If
              this  is  specified, the default configuration file
              is not read at all.

       -o 'option'
              Can be used to give options in the format used in
              the configuration files. This is useful for
              specifying options for which there is no separate
              command-line flag. The option has the same format
              as a line in the configuration file. Comment lines
              are not accepted. Where applicable, egrep regex
              format is used.

       -l listener-path
              Specifies the path where the server will  open  the
              listener socket.

       -F     Disables  daemon mode.  The server does not spawn a
              new process to the background.

       -v     Enables verbose mode.  Displays  verbose  debugging
              messages.   Equal to -d 2.  This option can also be
              specified in the configuration file.

       -V     Displays version string.

       -q     Quiet mode. Nothing is sent to the system log.
              Normally the beginning, authentication, and
              termination of each connection is logged. This
              option can also be specified in the configuration
              file.

       ssh-certd      reads      configuration      data     from
       /etc/ssh2/ssh_certd_config (or the file specified with  -f
       on  the  command  line).   The file contains keyword-value
       pairs, one per line.  Lines starting with  '#'  and  empty
       lines are interpreted as comments.

       For  the  format  of  ssh_certd_config, see ssh_certd_con-

              Contains configuration data for ssh-certd. This
              file should be writable by root only, but it is
              recommended (though not necessary) that it be
              world-readable. For ease of migration from older
              installations, ssh_certd_config contains by default
              the line "UseSSHD2ConfigFile sshd2_config", which
              instructs ssh-certd to read the certificate
              configuration from the sshd2 configuration file and
              ignore the options that are not relevant to it.
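
An added example, not part of the SSH Tectia documentation: a POSIX shell check for the file-permission guidance above (writable by root only, world-readable recommended) that also reports the sshd2 configuration file named by UseSSHD2ConfigFile, since ssh-certd reads certificate settings from that file too. The function names are hypothetical, and a whitespace-separated keyword and value on one line is assumed from the default line quoted above.

```shell
#!/bin/sh
# Added example (not from the SSH Tectia distribution); function names are
# hypothetical.

# audit_certd_config [FILE] [EXPECTED_UID]
# Returns 0 when FILE is owned by EXPECTED_UID (default 0, root) and is not
# writable by group or others; 1 on a finding; 2 if FILE is missing.
audit_certd_config() {
    cfg=${1:-/etc/ssh2/ssh_certd_config}
    want_uid=${2:-0}
    [ -f "$cfg" ] || { echo "MISSING  $cfg"; return 2; }

    # "ls -ln" prints the mode string and the numeric owner without stat(1).
    set -- $(ls -ln "$cfg" | awk '{ print $1, $3 }')
    mode=$1; uid=$2; rc=0

    # Mode string layout: type, owner rwx, group rwx, other rwx.
    [ "$uid" = "$want_uid" ] ||
        { echo "FINDING  owner uid $uid, expected $want_uid"; rc=1; }
    case $mode in ?????w*)
        echo "FINDING  group-writable ($mode)"; rc=1 ;; esac
    case $mode in ????????w*)
        echo "FINDING  world-writable ($mode)"; rc=1 ;; esac
    # World-readable is recommended but not required: note only.
    case $mode in ???????r*) : ;;
        *) echo "NOTE     not world-readable ($mode)" ;; esac

    if [ "$rc" -eq 0 ]; then echo "OK       $cfg ($mode, uid $uid)"; fi
    return "$rc"
}

# certd_sshd2_config [FILE]
# Prints the value of UseSSHD2ConfigFile, if set. '#' comment lines and
# empty lines never match because their first field is not the keyword.
# Assumption: keyword and value are separated by whitespace on one line.
certd_sshd2_config() {
    awk '$1 == "UseSSHD2ConfigFile" { print $2; exit }' \
        "${1:-/etc/ssh2/ssh_certd_config}"
}
```

If certd_sshd2_config prints a file name, that sshd2 configuration file is also an input to ssh-certd and should be audited with the same permission check.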

       ssh-certd is normally run as root.

       SSH Communications Security Corp.

       For more information, see

       ssh_certd_config(5), sshd2(8)


Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.