
Running ssh-certd as a Started Task

To run ssh-certd as a started task, use a JCL procedure such as SSHCERTD (shown below) from /opt/tectia/doc/zOS/SAMPLIB. The JCL must be installed in the procedure library.

SSHCERTD:

//SSHCERTD PROC F=START,OPTS='',WTORCS='1,11'
//TECTIACD EXEC PGM=BPXBATSL,
//             REGION=0M,
//             TIME=NOLIMIT,
//             PARM=('PGM /opt/tectia/etc/init.d/ssh-certd
//             &F foreground &WTORCS &OPTS')
//STDENV   DD  DSN=&SYSUID..SSZ.SRVR63.PARMLIB(SSHENV),
//             DISP=SHR
//STDOUT   DD  SYSOUT=*
//*STDERR   DD  SYSOUT=*
//STDIN    DD  DUMMY
//         PEND

Start the Certificate Validator with the following operator command:

===> s sshcertd

The sshcertd job starts.

In the OPTS parameter, you can pass options that the ssh-certd binary itself accepts, such as -d 9. For example:

===> S SSHCERTD,OPTS='-d 9'

In the sample SSHCERTD procedure above, ssh-certd is started with the foreground option, which disables daemon mode. With the foreground option, the daemon does not move its process to the background, and the task name stays as sshcertd.

You can assign the user SSHD2 to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment, for example:

RDEFINE STARTED SSHCERTD.* STDATA(USER(SSHD2) GROUP(SYS1))
SETROPTS RACLIST(STARTED) REFRESH
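
The same definition can be run as a batch TSO job that also lists the STDATA segment, so the assigned user and group can be checked before the task is started. This is an added example, not part of the SSH sample library: the job card values are placeholders, and TRUSTED(NO) and PRIVILEGED(NO) only state the RACF defaults explicitly so that the task runs with the authority of SSHD2 alone.

```jcl
//RACFSTC  JOB (ACCT),'SSHCERTD STC',CLASS=A,MSGCLASS=X
//* Job card above is a placeholder; adapt it to local standards.
//* Use this job in place of the interactive RDEFINE, not after it,
//* because RDEFINE fails if the profile already exists.
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD  SYSOUT=*
//SYSTSIN  DD  *
  RDEFINE STARTED SSHCERTD.* +
    STDATA(USER(SSHD2) GROUP(SYS1) TRUSTED(NO) PRIVILEGED(NO))
  SETROPTS RACLIST(STARTED) REFRESH
  RLIST STARTED SSHCERTD.* STDATA NORACF
/*
```

Once the task has been started, the operator command D A,SSHCERTD shows the user ID it is running under.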

For more information, see ssh-certd.