1CRYPTSETUP-SSH(8)            Maintenance Commands            CRYPTSETUP-SSH(8)
2
3
4

NAME

6       cryptsetup-ssh - manage LUKS2 SSH token
7

SYNOPSIS

9       cryptsetup-ssh <action> [<options>] <action args>
10

DESCRIPTION

12       Experimental cryptsetup plugin for unlocking LUKS2 devices with token
13       connected to an SSH server.
14
15       This plugin currently allows only adding a token to an existing key
16       slot. See cryptsetup(8) for instructions on how to remove, import or
17       export the token.
18
19   Add operation
20       add <options> <device>
21
22       Adds the SSH token to <device>.
23
24       The specified SSH server must contain a key file on the specified path
25       with a passphrase for an existing key slot on the device. Provided
26       credentials will be used by cryptsetup to get the password when opening
27       the device using the token.
28
29       Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
30       required for this operation.
31

OPTIONS

33       --key-slot=NUM
34           Keyslot to assign the token to. If not specified, the token will be
35           assigned to the first key slot matching provided passphrase.
36
37       --ssh-keypath=STRING
38           Path to the SSH key for connecting to the remote server.
39
40       --ssh-path=STRING
41           Path to the key file on the remote server.
42
43       --ssh-server=STRING
44           IP address/URL of the remote server for this token.
45
46       --ssh-user=STRING
47           Username used for the remote server.
48
49       --debug
50           Show debug messages
51
52       --debug-json
53           Show debug messages including JSON metadata
54
55       --verbose, -v
56           Shows more detailed error messages
57
58       --help, -?
59           Show help
60
61       --version, -V
62           Print program version
63

NOTES

65       The information provided when adding the token (SSH server address,
66       user and paths) will be stored in the LUKS2 header in plaintext.
67

AUTHORS

69       The cryptsetup-ssh tool is written by Vojtech Trefny.
70

REPORTING BUGS

72       Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or
73       in Issues project section
74       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
75
76       Please attach output of the failed command with --debug option added.
77

SEE ALSO

79       Cryptsetup FAQ
80       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
81
82       cryptsetup(8), integritysetup(8) and veritysetup(8)
83

CRYPTSETUP

85       Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
86
87
88
89cryptsetup-ssh 2.6.1              2023-02-10                 CRYPTSETUP-SSH(8)
Impressum