oracular (8) cryptsetup-ssh.8.gz
NAME
cryptsetup-ssh - manage LUKS2 SSH token
SYNOPSIS
cryptsetup-ssh <action> [<options>] <action args>
DESCRIPTION
Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server. This plugin currently allows only adding a token to an existing key slot. See cryptsetup(8) for instructions on how to remove, import or export the token. Add operation add <options> <device> Adds the SSH token to <device>. The specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device. Provided credentials will be used by cryptsetup to get the password when opening the device using the token. Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are required for this operation.
OPTIONS
--debug Show debug messages --debug-json Show debug messages including JSON metadata --help, -? Show help --key-slot=NUM Keyslot to assign the token to. If not specified, the token will be assigned to the first key slot matching provided passphrase. --ssh-keypath=STRING Path to the SSH key for connecting to the remote server. --ssh-path=STRING Path to the key file on the remote server. --ssh-server=STRING IP address/URL of the remote server for this token. --ssh-user=STRING Username used for the remote server. --verbose, -v Shows more detailed error messages --version, -V Print program version
NOTES
The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext.
AUTHORS
The cryptsetup-ssh tool is written by Vojtech Trefny.
REPORTING BUGS
Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>. Please attach output of the failed command with --debug option added.
SEE ALSO
Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions> cryptsetup(8), integritysetup(8) and veritysetup(8)
CRYPTSETUP
Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.