Your browser does not allow storing cookies. We recommend enabling them.

SSH

Running ssh-certd as a Started Task

To run ssh-certd as a started task, use a JCL procedure such as SSHCERTD (shown below) from /opt/tectia/doc/zOS/SAMPLIB. The JCL must be installed in the procedure library.

SSHCERTD:

//SSHCERTD PROC F=START,OPTS='',WTORCS='1,11'
//TECTIACD EXEC PGM=BPXBATSL,
//             REGION=0M,
//             TIME=NOLIMIT,
//             PARM=('PGM /opt/tectia/etc/init.d/ssh-certd
//             &F foreground &WTORCS &OPTS')
//STDENV   DD  DSN=&SYSUID..SSZ.SRVR63.PARMLIB(SSHENV),
//             DISP=SHR
//STDOUT   DD  SYSOUT=*
//*STDERR   DD  SYSOUT=*
//STDIN    DD  DUMMY
//         PEND

Start the Certificate Validator with the following operator command:

== > s sshcertd 

The sshcertd job starts.

As an OPTS parameter, you can give parameters that the actual binary accepts, such as -d 9. For example:

== > S SSHCERTD,OPTS='-d 9'

In the sample SSHCERTD script above, ssh-certd is started with the foreground option that disables the daemon mode. With the foreground option, the daemon does not spawn the process to background and the task name stays as sshcertd.

You can assign the user SSHD2 to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment, for example:

RDEFINE STARTED SSHCERTD.* STDATA(USER(SSHD2)GROUP(SYS1))
SETROPTS RACLIST REFRESH 

For more information, see ssh-certd.


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now