Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH

Default ssh_certd_config Configuration File

The default ssh_certd_config configuration file is shown below. For descriptions of the configuration options, see ssh_certd_config(5)

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## ssh_certd_config
## &fullname; - Certificate Validator Configuration File ##

UseSSHD2ConfigFile                      sshd2_config

## General

#       VerboseMode                no
#       QuietMode                  no
#       SyslogFacility             AUTH
#       RandomSeedFile             /opt/tectia/etc/random_seed

## Certificate configuration

#       CertCacheFile              /var/spool/ssh-certd-cache
#       SocksServer                socks://mylogin@socks.example.com:1080
#       UseSocks5                  no
#       OCSPResponderURL           http://example.com:8090/ocsp-1/
#       LdapServers                ldap://example.com:389

## X.509 certificate of the root CA which is trusted when validating
#  user certificates.

#       Pki                        ca-certificate,use_expired_crls=3600
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating user certificates.

#       PkiEkProvider              "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))"
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating remote host certificates
#  in hostbased user authentications.

#       HostCAEkProvider           "zos-saf:KEYS(ID(SSHD2) RING(SSH-HOSTCA))"

## CRL autoupdate

#       CrlAutoUpdate              yes,update_before=30,min_interval=30

## CRL manual update

#       CrlPrefetch                3600 ldap://example.com/

===AUTO_SCHEMA_MARKUP===