cryptsetup-ssh - Man Page
manage LUKS2 SSH token
Synopsis
cryptsetup-ssh <action> [<options>] <action args>
Description
Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server.
This plugin currently allows only adding a token to an existing key slot. See cryptsetup(8) for instructions on how to remove, import or export the token.
Add operation
add <options> <device>
Adds the SSH token to <device>.
The specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device. Provided credentials will be used by cryptsetup to get the password when opening the device using the token.
Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are required for this operation.
Options
- --debug
Show debug messages
- --debug-json
Show debug messages including JSON metadata
- --help, -?
Show help
- --key-slot=NUM
Keyslot to assign the token to. If not specified, the token will be assigned to the first key slot matching provided passphrase.
- --ssh-keypath=STRING
Path to the SSH key for connecting to the remote server.
- --ssh-path=STRING
Path to the key file on the remote server.
- --ssh-server=STRING
IP address/URL of the remote server for this token.
- --ssh-user=STRING
Username used for the remote server.
- --verbose, -v
Shows more detailed error messages
- --version, -V
Print program version
Notes
The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext.
Authors
The cryptsetup-ssh tool is written by Vojtech Trefny.
Reporting Bugs
Report bugs at cryptsetup mailing list or in Issues project section.
Please attach output of the failed command with --debug option added.
See Also
Cryptsetup
Part of cryptsetup project.