Manual installation
===================

* Create user sshca:
+
----
useradd --system --no-user-group --shell /bin/sh --create-home --home-dir /srv/sshca sshca
----

* Create directories:
+
----
install -o sshca -m 0700 -d ~sshca/bin ~sshca/.local ~sshca/.local/sshca ~sshca/.local/sshca/pubs
----

* Copy `ssh-ca` script:
+
----
install -o sshca -m 0700 -t ~sshca/bin ssh-ca
----

* Create `authorized_keys`:
+
----
touch emptyfile
install -o sshca -m 0700 emptyfile ~sshca/.ssh/authorized_keys
rm emptyfile
----

* Create serial-file:
+
----
echo 0 > serial
install -o sshca -m 0600 serial ~sshca/.local/sshca
rm serial
----

* Create CA (no password):
+
----
ssh-keygen -t ed25519 -C "CA" -N '' -f ~sshca/.local/sshca/ca
----