ssh-ca

No description

Find a file

Denis Knauf e5a7448c5f init		2022-02-27 11:25:21 +01:00
.gitignore	init	2022-02-27 11:25:21 +01:00
Makefile	init	2022-02-27 11:25:21 +01:00
README.adoc	init	2022-02-27 11:25:21 +01:00
ssh-ca	init	2022-02-27 11:25:21 +01:00
ssh-ca.conf	init	2022-02-27 11:25:21 +01:00

README.adoc

Manual installation
===================

* Create user sshca:
+
----
useradd --system --no-user-group --shell /bin/sh --create-home --home-dir /srv/sshca sshca
----

* Create directories:
+
----
install -o sshca -m 0700 -d ~sshca/bin ~sshca/.local ~sshca/.local/sshca ~sshca/.local/sshca/pubs
----

* Copy `ssh-ca` script:
+
----
install -o sshca -m 0700 -t ~sshca/bin ssh-ca
----

* Create `authorized_keys`:
+
----
touch emptyfile
install -o sshca -m 0700 emptyfile ~sshca/.ssh/authorized_keys
rm emptyfile
----

* Create serial-file:
+
----
echo 0 > serial
install -o sshca -m 0600 serial ~sshca/.local/sshca
rm serial
----

* Create CA (no password):
+
----
ssh-keygen -t ed25519 -C "CA" -N '' -f ~sshca/.local/sshca/ca
----