Manual installation

• Create user sshca:

  useradd --system --no-user-group --shell /bin/sh --create-home --home-dir /srv/sshca sshca

• Create directories:

  install -o sshca -m 0700 -d ~sshca/bin ~sshca/.local ~sshca/.local/sshca ~sshca/.local/sshca/pubs

• Copy ssh-ca script:

  install -o sshca -m 0700 -t ~sshca/bin ssh-ca

• Create authorized_keys:

  touch emptyfile
  install -o sshca -m 0700 emptyfile ~sshca/.ssh/authorized_keys
  rm emptyfile

• Create serial-file:

  echo 0 > serial
  install -o sshca -m 0600 serial ~sshca/.local/sshca
  rm serial

• Create CA (no password):

  ssh-keygen -t ed25519 -C "CA" -N '' -f ~sshca/.local/sshca/ca