1CRYPTSETUP-SSH(8)            Maintenance Commands            CRYPTSETUP-SSH(8)
2
3
4

NAME

6       cryptsetup-ssh - manage LUKS2 SSH token
7

SYNOPSIS

9       cryptsetup-ssh <options> <action> <action args>
10

DESCRIPTION

12       Experimental  cryptsetup  plugin for unlocking LUKS2 devices with token
13       connected to an SSH server.
14
15       This plugin currently allows only adding a token  to  an  existing  key
16       slot, see cryptsetup(8) for instruction on how to remove, import or ex‐
17       port the token.
18
19
20   Add operation
21       add <options> <device>
22
23              Adds the SSH token to <device>.
24
25              Specified SSH server must contain a key file  on  the  specified
26              path  with  a passphrase for an existing key slot on the device.
27              Provided credentials will be used by cryptsetup to get the pass‐
28              word when opening the device using the token.
29
30              --ssh-server,  --ssh-user,  --ssh-keypath and --ssh-path are re‐
31              quired for this operation.
32
33
34       --key-slot=NUM
35              Keyslot to assign the token to. If not specified, the token will
36              be assigned to the first key slot matching provided passphrase.
37
38       --ssh-keypath=STRING
39              Path to the SSH key for connecting to the remote server.
40
41       --ssh-path=STRING
42              Path to the key file on the remote server.
43
44       --ssh-server=STRING
45              IP address/URL of the remote server for this token.
46
47       --ssh-user=STRING
48              Username used for the remote server.
49

OPTIONS

51       --debug
52              Show debug messages
53
54       --debug-json
55              Show debug messages including JSON metadata
56
57       -v, --verbose
58              Shows more detailed error messages
59
60       -?, --help
61              Show help
62
63       -V, --version
64              Print program version
65

NOTES

67       The  information  provided  when  adding the token (SSH server address,
68       user and paths) will be stored in the LUKS2 header in plaintext.
69
70

REPORTING BUGS

72       Report bugs, including ones in the  documentation,  on  the  cryptsetup
73       mailing  list at <dm-crypt@saout.de> or in the 'Issues' section on LUKS
74       website.  Please attach the output of the failed command with the --de‐
75       bug option added.
76
77

79       Copyright © 2016-2021 Red Hat, Inc.
80       Copyright © 2016-2021 Milan Broz
81       Copyright © 2021 Vojtech Trefny
82
83       This is free software; see the source for copying conditions.  There is
84       NO warranty; not even for MERCHANTABILITY or FITNESS FOR  A  PARTICULAR
85       PURPOSE.
86

SEE ALSO

88       The project website at https://gitlab.com/cryptsetup/cryptsetup
89
90
91
92cryptsetup-ssh                     June 2021                 CRYPTSETUP-SSH(8)
Impressum