SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
        Configuration Files >>
        Subconfigurations >>
        Ciphers and MACs
        Compression
        Configuring Root Logins
        Restricting User Logins
        Subsystems
        Auditing >>
        Securing the Server >>
        Default sshd2_config Configuration File
        Default ssh_certd_config Configuration File
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Default ssh_certd_config Configuration File

The default ssh_certd_config configuration file is shown below. For more information on the configuration options, see Appendix ssh_certd_config

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## ssh_certd_config
## SSH Tectia Server for IBM z/OS 5.3 - Certificate Validator Configuration File
##

UseSSHD2ConfigFile                      sshd2_config

## General

#       VerboseMode                no
#       QuietMode                  no
#       SyslogFacility             AUTH
#       RandomSeedFile             /etc/ssh2/random_seed

## Certificate configuration

#       CertCacheFile              /var/spool/ssh-certd-cache
#       SocksServer                socks://mylogin@socks.example.com:1080
#       UseSocks5                  no
#       OCSPResponderURL           http://example.com:8090/ocsp-1/
#       LdapServers                ldap://example.com:389

## X.509 certificate of the root CA which is trusted when validating
#  user certificates.

#       Pki                        ca-certificate,use_expired_crls=3600
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating user certificates.

#       PkiEkProvider              "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))"
#       PkiDisableCrls             no
#       Mapfile                    ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
#  from RACF or equivalent. The certificates found from the specified
#  ring(s)/label(s) are trusted when validating remote host certificates
#  in hostbased user authentications.

#       HostCAEkProvider           "zos-saf:KEYS(ID(SSHD2) RING(SSH-HOSTCA))"

## CRL autoupdate

#       CrlAutoUpdate              yes,update_before=30,min_interval=30

## CRL manual update

#       CrlPrefetch                3600 ldap://example.com/

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice