Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Authentication >>
    System Administration >>
    File Transfer Using SFTP >>
    Secure File Transfer Using Transparent FTP Security >>
    Tunneling >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Man Pages and Default Configuration Files >>
        ssh-certd
        ssh_certd_config
        ssh-dummy-shell
        ssh-externalkeys
        sshd-check-conf
        sshd2
        sshd2_config
        sshd2_subconfig
        sshregex
        Default sshd2_config Configuration File
        Default ssh_certd_config Configuration File
    Log Messages >>

Default ssh_certd_config Configuration File

The default ssh_certd_config configuration file is shown below. For descriptions of the configuration options, see Appendix ssh_certd_config

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## ssh_certd_config
## SSH Tectia Server 6.1 for IBM z/OS - Certificate Validator Configuration File
##

UseSSHD2ConfigFile                      sshd2_config

## General

#       VerboseMode                no
#       QuietMode                  no
#       SyslogFacility             AUTH
#       RandomSeedFile             /opt/tectia/etc/random_seed

## Certificate configuration

#       CertCacheFile              /var/spool/ssh-certd-cache
#       SocksServer                socks://mylogin@socks.example.com:1080
#       UseSocks5                  no
#       OCSPResponderURL           http://example.com:8090/ocsp-1/
#       LdapServers                ldap://example.com:389

## X.509 certificate of the root CA which is trusted when validating
#  user certificates.

#       Pki                        ca-certificate,use_expired_crls=3600
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating user certificates.

#       PkiEkProvider              "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))"
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating remote host certificates
#  in hostbased user authentications.

#       HostCAEkProvider           "zos-saf:KEYS(ID(SSHD2) RING(SSH-HOSTCA))"

## CRL autoupdate

#       CrlAutoUpdate              yes,update_before=30,min_interval=30

## CRL manual update

#       CrlPrefetch                3600 ldap://example.com/

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2011 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more