SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
        scp2
        sftp2
        ssh-add2
        ssh-agent2
        ssh-certd
        ssh_certd_config
        ssh-certview >>
        ssh-cmpclient >>
            Synopsis
            Description
            Commands
            Options
            Examples
        ssh-dummy-shell
        ssh-ekview
        ssh-externalkeys
        ssh-keygen2
        ssh-probe2
        ssh-scepclient >>
        ssh-sft-stage
        ssh2
        ssh2_config
        sshd-check-conf
        sshd2
        sshd2_config
        sshd2_subconfig
        sshregex
    Log Messages >>

Commands

The ssh-cmpclient command-line command keywords are listed below. Shorthands longer than three letters can be used to identify the command. The commands are case-insensitive. The user must specify the CA address URL for each command. Here the term "user" refers to a user, program, or hardware device.

  • INITIALIZE

    Requests the user's initial certificate. The request is authenticated using the reference number and the corresponding key (PSK) received from the CA or RA using some out-of-band mechanism.

    The user must specify the PSK, the asymmetric key pair, and a subject name.

  • ENROLL

    Requests a new certificate when the user already has a valid certificate for the key. This request is similar to initialize except that it is authenticated using public-key methods.

  • POLL

    Polls for a certificate when a request was not immediately accepted.

  • UPDATE

    Requests an update of an existing certificate (replacement). The issued certificate will be similar to the existing certificate (names, flags, and other extensions). The user can change the key, and the validity times are updated by the CA. This request is authenticated by a valid existing key pair and a certificate.

  • RECOVER

    Requests recovery of a backed-up key. This request is authenticated either by PSK-based or certificate-based authentication. The template describes the certificate whose private key has already been backed up and should be recovered. Users can only recover keys they have backed up themselves.

  • REVOKE

    Requests revocation for a key specified in the template. Authentication of the request is made using a PSK or a certificate belonging to the same user as the subject of revocation.

  • TUNNEL

    Operates in RA tunnel mode. Reads requests and optionally modifies the subject name, alternative names, and extensions based on the command line. Approves the request and sends it to the CA.

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice