Manual installation
|
|
===================
|
|
|
|
* Create user sshca:
|
|
+
|
|
----
|
|
useradd --system --no-user-group --shell /bin/sh --create-home --home-dir /srv/sshca sshca
|
|
----
|
|
|
|
* Create directories:
|
|
+
|
|
----
|
|
install -o sshca -m 0700 -d ~sshca/bin ~sshca/.local ~sshca/.local/sshca ~sshca/.local/sshca/pubs
|
|
----
|
|
|
|
* Copy `ssh-ca` script:
|
|
+
|
|
----
|
|
install -o sshca -m 0700 -t ~sshca/bin ssh-ca
|
|
----
|
|
|
|
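* Create `authorized_keys` (the directory step above does not create `~sshca/.ssh`, and `install` without `-D` will not create it, so unless the skeleton directory already provided it, create it first, owned by `sshca` with mode 0700; `authorized_keys` itself needs no execute bit, so 0600 is sufficient):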
|
|
+
|
|
----
|
|
touch emptyfile
|
|
install -o sshca -m 0700 emptyfile ~sshca/.ssh/authorized_keys
|
|
rm emptyfile
|
|
----
|
|
|
|
* Create serial-file:
|
|
+
|
|
----
|
|
echo 0 > serial
|
|
install -o sshca -m 0600 serial ~sshca/.local/sshca
|
|
rm serial
|
|
----
|
|
|
|
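* Create CA (no password, so the private key `ca` is stored unencrypted and is protected only by file ownership and permissions; if this command is run as root, the key files will be owned by root, so afterwards verify that `ca` is owned by `sshca`, has mode 0600 and is readable by no other account):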
|
|
+
|
|
----
|
|
ssh-keygen -t ed25519 -C "CA" -N '' -f ~sshca/.local/sshca/ca
|
|
----
|