cryptsetup-ssh(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | NOTES | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON

CRYPTSETUP-SSH(8)         Maintenance Commands         CRYPTSETUP-SSH(8)

NAME         top

       cryptsetup-ssh - manage LUKS2 SSH token

SYNOPSIS         top

       cryptsetup-ssh <options> <action> <action args>

DESCRIPTION         top

       Experimental cryptsetup plugin for unlocking LUKS2 devices with
       token connected to an SSH server.

       This plugin currently allows only adding a token to an existing
       key slot, see cryptsetup(8) for instruction on how to remove,
       import or export the token.

   Add operation
       add <options> <device>

              Adds the SSH token to <device>.

              Specified SSH server must contain a key file on the
              specified path with a passphrase for an existing key slot
              on the device.  Provided credentials will be used by
              cryptsetup to get the password when opening the device
              using the token.

              --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
              required for this operation.

       --key-slot=NUM
              Keyslot to assign the token to. If not specified, the
              token will be assigned to the first key slot matching
              provided passphrase.

       --ssh-keypath=STRING
              Path to the SSH key for connecting to the remote server.

       --ssh-path=STRING
              Path to the key file on the remote server.

       --ssh-server=STRING
              IP address/URL of the remote server for this token.

       --ssh-user=STRING
              Username used for the remote server.

OPTIONS         top

       --debug
              Show debug messages

       --debug-json
              Show debug messages including JSON metadata

       -v, --verbose
              Shows more detailed error messages

       -?, --help
              Show help

       -V, --version
              Print program version

NOTES         top

       The information provided when adding the token (SSH server
       address, user and paths) will be stored in the LUKS2 header in
       plaintext.

REPORTING BUGS         top

       Report bugs, including ones in the documentation, on the
       cryptsetup mailing list at <dm-crypt@saout.de> or in the 'Issues'
       section on LUKS website.  Please attach the output of the failed
       command with the --debug option added.

COPYRIGHT         top

       Copyright © 2016-2021 Red Hat, Inc.
       Copyright © 2016-2021 Milan Broz
       Copyright © 2021 Vojtech Trefny

       This is free software; see the source for copying conditions.
       There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR
       A PARTICULAR PURPOSE.

SEE ALSO         top

       The project website at https://gitlab.com/cryptsetup/cryptsetup 

COLOPHON         top

       This page is part of the Cryptsetup ((open-source disk
       encryption)) project.  Information about the project can be found
       at ⟨https://gitlab.com/cryptsetup/cryptsetup⟩.  If you have a bug
       report for this manual page, send it to dm-crypt@saout.de.  This
       page was obtained from the project's upstream Git repository
       ⟨https://gitlab.com/cryptsetup/cryptsetup.git⟩ on 2021-08-27.
       (At that time, the date of the most recent commit that was found
       in the repository was 2021-08-25.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

cryptsetup-ssh                  June 2021              CRYPTSETUP-SSH(8)