cryptsetup-ssh(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | NOTES | AUTHORS | REPORTING BUGS | SEE ALSO | CRYPTSETUP

CRYPTSETUP-SSH(8)         Maintenance Commands         CRYPTSETUP-SSH(8)

NAME         top

       cryptsetup-ssh - manage LUKS2 SSH token

SYNOPSIS         top

       cryptsetup-ssh <action> [<options>] <action args>

DESCRIPTION         top

       Experimental cryptsetup plugin for unlocking LUKS2 devices with
       token connected to an SSH server.

       This plugin currently allows only adding a token to an existing
       key slot. See cryptsetup(8) for instructions on how to remove,
       import or export the token.

   Add operation
       add <options> <device>

       Adds the SSH token to <device>.

       The specified SSH server must contain a key file on the specified
       path with a passphrase for an existing key slot on the device.
       Provided credentials will be used by cryptsetup to get the
       password when opening the device using the token.

       Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path
       are required for this operation.

OPTIONS         top

       --key-slot=NUM
           Keyslot to assign the token to. If not specified, the token
           will be assigned to the first key slot matching provided
           passphrase.

       --ssh-keypath=STRING
           Path to the SSH key for connecting to the remote server.

       --ssh-path=STRING
           Path to the key file on the remote server.

       --ssh-server=STRING
           IP address/URL of the remote server for this token.

       --ssh-user=STRING
           Username used for the remote server.

       --debug
           Show debug messages

       --debug-json
           Show debug messages including JSON metadata

       --verbose, -v
           Shows more detailed error messages

       --help, -?
           Show help

       --version, -V
           Print program version

NOTES         top

       The information provided when adding the token (SSH server
       address, user and paths) will be stored in the LUKS2 header in
       plaintext.

AUTHORS         top

       The cryptsetup-ssh tool is written by Vojtech Trefny.

REPORTING BUGS         top

       Report bugs at cryptsetup mailing list
       <[email protected]> or in Issues project section
       <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.

       Please attach output of the failed command with --debug option
       added.

SEE ALSO         top

       Cryptsetup FAQ
       <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>

       cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP         top

       Part of cryptsetup project
       <https://gitlab.com/cryptsetup/cryptsetup/>. This page is part of
       the Cryptsetup ((open-source disk encryption)) project.
       Information about the project can be found at 
       ⟨https://gitlab.com/cryptsetup/cryptsetup⟩. If you have a bug
       report for this manual page, send it to [email protected]. This
       page was obtained from the project's upstream Git repository
       ⟨https://gitlab.com/cryptsetup/cryptsetup.git⟩ on 2023-12-22. (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-20.) If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       [email protected]

cryptsetup-ssh 2.6.1-git       2022-12-14              CRYPTSETUP-SSH(8)