8. Install the SSH key synchronization daemon. For systemd:
    1. Copy `services/systemd/keys-sync.service` to `/etc/systemd/system/`
    2. Modify `ExecStart` path and `User` as necessary. If SSH Key Authority is installed under `/home`, disable `ProtectHome`.
    3. `systemctl daemon-reload`
    4. `systemctl enable keys-sync.service`

Usage
-----

Anyone in the LDAP group defined under `admin_group_cn` in `config/config.ini` will be able to manage accounts and servers.

Key distribution
----------------

SSH Key Authority distributes authorized keys to your servers via SSH. It does this by:

1. Connecting to the server with SSH, authenticating as the `keys-sync` user.
2. Writing the appropriate authorized keys to named user files in `/var/local/keys-sync/` (e.g. all authorized keys for the root user will be written to `/var/local/keys-sync/root`).

This means that your SSH installation will need to be reconfigured to read authorized keys from `/var/local/keys-sync/`.
Please note that doing so will deny access to any existing SSH public key authorized in the default `~/.ssh` directories.
Under OpenSSH, the configuration changes needed are:

    AuthorizedKeysFile /var/local/keys-sync/%u
    StrictModes no

`StrictModes` must be disabled because the files will all be owned by the `keys-sync` user.

The file `/var/local/keys-sync/keys-sync` must exist, with the same contents as the `config/keys-sync.pub` file, in order for the synchronization daemon to authenticate.
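
Because `StrictModes no` turns off sshd's own ownership and permission checks, the state of `/var/local/keys-sync/` is worth verifying separately. The audit script below is an added example, not part of SSH Key Authority; the script name `audit-keys-sync.sh` and the function names are hypothetical, and it assumes the directory layout and `keys-sync` account described above.

```sh
#!/bin/sh
# Added example, not part of SSH Key Authority. Run it on a managed server.
# With "StrictModes no", sshd skips its ownership and mode checks on the
# authorized keys files, so this audit performs comparable checks itself.

SYNC_USER=keys-sync   # account name and key file name used on this page

# scan LABEL FIND-EXPR...: print one FAIL line per match under $audit_dir.
scan() {
    scan_label=$1; shift
    scan_hits=$(find "$audit_dir" "$@" -print) || scan_hits="(find failed)"
    [ -z "$scan_hits" ] && return 0
    printf '%s\n' "$scan_hits" | sed "s|^|FAIL: $scan_label: |"
    return 1
}

# audit_keys_dir DIR PUBKEY [OWNER]
#   DIR     directory named in AuthorizedKeysFile
#   PUBKEY  copy of config/keys-sync.pub
#   OWNER   expected owner, name or numeric uid (default: keys-sync)
# Returns 0 when clean, 1 when any finding was printed.
audit_keys_dir() {
    audit_dir=$1 audit_pub=$2 audit_owner=${3:-$SYNC_USER}
    audit_rc=0
    if [ -L "$audit_dir" ] || [ ! -d "$audit_dir" ]; then
        echo "FAIL: not a real directory: $audit_dir"
        return 1
    fi
    # Paths owned by another account were not written by the sync daemon.
    scan "not owned by $audit_owner" ! -user "$audit_owner" || audit_rc=1
    # Group- or world-writable paths let other accounts add keys.
    scan "group/world writable" ! -type l \( -perm -020 -o -perm -002 \) || audit_rc=1
    # Every entry should be a plain per-account file, not a link or directory.
    scan "not a regular file" ! -path "$audit_dir" ! -type f || audit_rc=1
    # The daemon logs in with this key; it must match config/keys-sync.pub.
    if ! cmp -s "$audit_dir/$SYNC_USER" "$audit_pub" 2>/dev/null; then
        echo "FAIL: $audit_dir/$SYNC_USER is missing or differs from $audit_pub"
        audit_rc=1
    fi
    return $audit_rc
}

# Usage: sh audit-keys-sync.sh /var/local/keys-sync /path/to/keys-sync.pub
if [ "$#" -ge 2 ]; then audit_keys_dir "$@"; fi
```

A non-zero exit status makes the script suitable for a cron job or monitoring check on each managed server.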