Experimental cryptsetup plugin for unlocking LUKS2 devices with
token connected to an SSH server.
This plugin currently allows only adding a token to an existing
key slot, see cryptsetup(8) for instruction on how to remove,
import or export the token.
Add operationadd <options> <device>
Adds the SSH token to <device>.
Specified SSH server must contain a key file on the
specified path with a passphrase for an existing key slot
on the device. Provided credentials will be used by
cryptsetup to get the password when opening the device
using the token.
--ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
required for this operation.
Keyslot to assign the token to. If not specified, the
token will be assigned to the first key slot matching
Path to the SSH key for connecting to the remote server.
Path to the key file on the remote server.
IP address/URL of the remote server for this token.
Username used for the remote server.
Report bugs, including ones in the documentation, on the
cryptsetup mailing list at <email@example.com> or in the 'Issues'
section on LUKS website. Please attach the output of the failed
command with the --debug option added.
This page is part of the Cryptsetup ((open-source disk
encryption)) project. Information about the project can be found
at ⟨https://gitlab.com/cryptsetup/cryptsetup⟩. If you have a bug
report for this manual page, send it to firstname.lastname@example.org. This
page was obtained from the project's upstream Git repository
⟨https://gitlab.com/cryptsetup/cryptsetup.git⟩ on 2021-08-27.
(At that time, the date of the most recent commit that was found
in the repository was 2021-08-25.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
cryptsetup-ssh June 2021 CRYPTSETUP-SSH(8)