To run ssh-certd as a started task, use a JCL procedure such as SSHCERTD (shown below) from /opt/tectia/doc/zOS/SAMPLIB. The JCL must be installed in the procedure library.

SSHCERTD:

//SSHCERTD PROC OPTS=''
//TECTIACD EXEC PGM=BPXBATSL,
//             REGION=0M,
//             TIME=NOLIMIT,
//             PARM=('PGM /opt/tectia/sbin/ssh-certd -F
//              &OPTS')
//STDENV   DD  DSN=SSZ.SRVR64.PARMLIB(SSHENV),DISP=SHR
//STDOUT   DD  SYSOUT=*
//*STDERR   DD  SYSOUT=*
//STDIN    DD  DUMMY
//         PEND

Start the Certificate Validator with the following operator command:

===> S SSHCERTD 

The sshcertd job starts.

As an OPTS parameter, you can give parameters that the actual binary accepts (described in detail in ssh-certd Options). For example:

===> S SSHCERTD,OPTS='-d 9'

You can query the version of the Certificate Validator with the following command:

===> F SSHCERTD,VERSION

In the sample SSHCERTD script above, ssh-certd is started with the foreground option that disables the daemon mode. With the foreground option, the daemon does not spawn the process to background and the task name stays as sshcertd.

You can assign the SSHD2 user to the started task by defining the procedure in the STARTED class and entering the user ID in the STDATA segment, for example:

RDEFINE STARTED SSHCERTD.* STDATA(USER(SSHD2)GROUP(SYS1))
SETROPTS RACLIST REFRESH 

For more information, see ssh-certd(8).