The default ssh_certd_config
configuration file
is shown below. For descriptions of the configuration options, see
ssh_certd_config
## SSH CONFIGURATION FILE FORMAT VERSION 1.1 ## REGEX-SYNTAX egrep ## end of metaconfig ## (leave above lines intact!) ## ssh_certd_config ## &fullname; - Certificate Validator Configuration File ## UseSSHD2ConfigFile sshd2_config ## General # VerboseMode no # QuietMode no # SyslogFacility AUTH # RandomSeedFile /opt/tectia/etc/random_seed ## Certificate configuration # CertCacheFile /var/spool/ssh-certd-cache # SocksServer socks://mylogin@socks.example.com:1080 # UseSocks5 no # OCSPResponderURL http://example.com:8090/ocsp-1/ # LdapServers ldap://example.com:389 ## X.509 certificate of the root CA which is trusted when validating # user certificates. # Pki ca-certificate,use_expired_crls=3600 # PkiDisableCrls no # Mapfile ca-certificate.mapfile ## External key provider for fetching root CA X.509 certificates # from RACF or equivalent. The certificates found from the specified # ring(s)/label(s) are trusted when validating user certificates. # PkiEkProvider "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))" # PkiDisableCrls no # Mapfile ca-certificate.mapfile ## External key provider for fetching root CA X.509 certificates # from RACF or equivalent. The certificates found from the specified # ring(s)/label(s) are trusted when validating remote host certificates # in hostbased user authentications. # HostCAEkProvider "zos-saf:KEYS(ID(SSHD2) RING(SSH-HOSTCA))" ## CRL autoupdate # CrlAutoUpdate yes,update_before=30,min_interval=30 ## CRL manual update # CrlPrefetch 3600 ldap://example.com/