The default ssh_certd_config configuration file is shown below. For descriptions of the configuration options, see ssh_certd_config(5).
```
## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## ssh_certd_config
## &fullname; - Certificate Validator Configuration File

## UseSSHD2ConfigFile sshd2_config

## General

# VerboseMode no
# QuietMode no
# SyslogFacility AUTH
# RandomSeedFile /opt/tectia/etc/random_seed

## Certificate configuration

# CertCacheFile /var/spool/ssh-certd-cache
# SocksServer socks://mylogin@socks.example.com:1080
# UseSocks5 no
# OCSPResponderURL http://example.com:8090/ocsp-1/
# LdapServers ldap://example.com:389

## X.509 certificate of the root CA which is trusted when validating
# user certificates.

# Pki ca-certificate,use_expired_crls=3600
# PkiDisableCrls no
# Mapfile ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
# from RACF or equivalent. The certificates found from the specified
# ring(s)/label(s) are trusted when validating user certificates.

# PkiEkProvider "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))"
# PkiDisableCrls no
# Mapfile ca-certificate.mapfile

## External key provider for fetching root CA X.509 certificates
# from RACF or equivalent. The certificates found from the specified
# ring(s)/label(s) are trusted when validating remote host certificates
# in hostbased user authentications.

# HostCAEkProvider "zos-saf:KEYS(ID(SSHD2) RING(SSH-HOSTCA))"

## CRL autoupdate

# CrlAutoUpdate yes,update_before=30,min_interval=30

## CRL manual update

# CrlPrefetch 3600 ldap://example.com/
```
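When options from this file are enabled, the revocation-related ones (PkiDisableCrls and the use_expired_crls parameter of Pki) are worth reviewing for each trust anchor. The following is an added example, not part of the product or its documentation: a small Python check over a constructed sample in the format shown above. The function names are hypothetical, and it assumes that keywords are case-insensitive and that PkiDisableCrls applies to the Pki or PkiEkProvider line preceding it; ssh_certd_config(5) is the authority on both points.

```python
import re

# Constructed sample: options from the default file, some of them uncommented.
SAMPLE = """\
## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
  Pki             ca-certificate,use_expired_crls=3600
  PkiDisableCrls  no
  Mapfile         ca-certificate.mapfile
  PkiEkProvider   "zos-saf:KEYS(ID(SSHD2) RING(SSH-PKI))"
  PkiDisableCrls  yes
# CrlAutoUpdate   yes,update_before=30,min_interval=30
"""

def active_options(text):
    """Yield (keyword, value) for every uncommented line, keyword lowercased."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or metaconfig header
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def revocation_findings(text):
    """Return (trust_anchor, finding) pairs for settings that relax CRL checks."""
    findings, anchor = [], None
    for key, value in active_options(text):
        if key in ("pki", "pkiekprovider"):
            # Assumption: the following PkiDisableCrls refers to this anchor.
            anchor = value.split(",")[0].strip('"')
            match = re.search(r"use_expired_crls=(\d+)", value)
            if match:
                findings.append((anchor, "use_expired_crls=" + match.group(1)))
        elif key == "pkidisablecrls" and value.lower() == "yes":
            findings.append((anchor, "PkiDisableCrls yes"))
    return findings

if __name__ == "__main__":
    for anchor, finding in revocation_findings(SAMPLE):
        print(f"{anchor}: {finding}")
```

Run against the unmodified default file, where every option is commented out, the check reports nothing.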