oracular (8) cryptsetup-ssh.8.gz

Provided by: cryptsetup-ssh_2.7.2-2ubuntu1_amd64 bug

NAME

       cryptsetup-ssh - manage LUKS2 SSH token

SYNOPSIS

       cryptsetup-ssh <action> [<options>] <action args>

DESCRIPTION

       Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH
       server.

       This plugin currently allows only adding a token to an existing key slot. See
       cryptsetup(8) for instructions on how to remove, import or export the token.

   Add operation
       add <options> <device>

       Adds the SSH token to <device>.

       The specified SSH server must contain a key file on the specified path with a passphrase
       for an existing key slot on the device. Provided credentials will be used by cryptsetup to
       get the password when opening the device using the token.

       Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are required for this
       operation.

OPTIONS

       --debug
           Show debug messages

       --debug-json
           Show debug messages including JSON metadata

       --help, -?
           Show help

       --key-slot=NUM
           Keyslot to assign the token to. If not specified, the token will be assigned to the
           first key slot matching provided passphrase.

       --ssh-keypath=STRING
           Path to the SSH key for connecting to the remote server.

       --ssh-path=STRING
           Path to the key file on the remote server.

       --ssh-server=STRING
           IP address/URL of the remote server for this token.

       --ssh-user=STRING
           Username used for the remote server.

       --verbose, -v
           Shows more detailed error messages

       --version, -V
           Print program version

NOTES

       The information provided when adding the token (SSH server address, user and paths) will
       be stored in the LUKS2 header in plaintext.

AUTHORS

       The cryptsetup-ssh tool is written by Vojtech Trefny.

REPORTING BUGS

       Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project
       section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.

       Please attach output of the failed command with --debug option added.

SEE ALSO

       Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>

       cryptsetup(8), integritysetup(8) and veritysetup(8)

CRYPTSETUP

       Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.