SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
        Running the Server >>
            Starting the Server Manually under USS
            Running as a Started Task
            Starting the Server in Debug Mode
            Environment Variables for the Server
            Running ssh-certd
            Restarting the Server
        Setting Up a Shell User>>
        Running Client Programs>>
        Handling MVS Datasets and HFS File System Access>>
        Listing Datasets with SFTP Clients>>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
    Man Pages >>
    Log Messages >>

Running ssh-certd

The SSH Tectia Certificate Validator (ssh-certd) is a process used by sshd2 when validating user certificates.

To start ssh-certd manually, log on to USS as the SSHD2 user. Execute the command: 

> /usr/lpp/ssh2/sbin/ssh-certd

To run ssh-certd as a started task, use a JCL procedure such as SSHCERTD (shown below). The JCL must be installed in the procedure library.

SSHCERTD: 

//RUNCRTD PROC
//SSHCRTD EXEC PGM=BPXBATCH,REGION=0M,TIME=NOLIMIT,
//             PARM='PGM /bin/sh /etc/ssh2/init.d/ssh-certd
//             start foreground'
//STDOUT   DD  PATH='/home/sshd2/ssh-certd.out',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDERR   DD  PATH='/home/sshd2/ssh-certd.err',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDENV   DD  DSN=SSHD2.SSZ.SAMPLIB(SSHENV),
//             DISP=SHR
//STDIN    DD  DUMMY
//        PEND

Start the Certificate Validator with the following operator command: 

== > s sshcertd

The sshcertd job starts.

In the sample SSHCERTD script above, ssh-certd is started with the start foreground option that disables the daemon mode. With the start foreground option, the daemon does not spawn the process to background and the task name stays as sshcertd.

If the ssh-certd process is started without the start foreground option, the ssh-certd daemon starts and spawns a new job with the name sshcertdx (where x is a number). After this, the sshcertd job ends.

You can assign the user SSHD2 to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment.

For more information, see Appendix ssh-certd.

Previous Next Up [Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice