cryptsetup-ssh

CRYPTSETUP-SSH(8)            Maintenance Commands            CRYPTSETUP-SSH(8)

NAME
       cryptsetup-ssh - manage LUKS2 SSH token

SYNOPSIS
       cryptsetup-ssh <options> <action> <action args>

DESCRIPTION
       Experimental  cryptsetup  plugin for unlocking LUKS2 devices with token
       connected to an SSH server.

       This plugin currently allows only adding a token  to  an  existing  key
       slot, see cryptsetup(8) for instruction on how to remove, import or ex-
       port the token.

   Add operation
       add <options> <device>

              Adds the SSH token to <device>.

              Specified SSH server must contain a key file  on  the  specified
              path  with  a passphrase for an existing key slot on the device.
              Provided credentials will be used by cryptsetup to get the pass-
              word when opening the device using the token.

              --ssh-server,  --ssh-user,  --ssh-keypath and --ssh-path are re-
              quired for this operation.

       --key-slot=NUM
              Keyslot to assign the token to. If not specified, the token will
              be assigned to the first key slot matching provided passphrase.

       --ssh-keypath=STRING
              Path to the SSH key for connecting to the remote server.

       --ssh-path=STRING
              Path to the key file on the remote server.

       --ssh-server=STRING
              IP address/URL of the remote server for this token.

       --ssh-user=STRING
              Username used for the remote server.

OPTIONS
       --debug
              Show debug messages

       --debug-json
              Show debug messages including JSON metadata

       -v, --verbose
              Shows more detailed error messages

       -?, --help
              Show help

       -V, --version
              Print program version

NOTES
       The  information  provided  when  adding the token (SSH server address,
       user and paths) will be stored in the LUKS2 header in plaintext.

REPORTING BUGS
       Report bugs, including ones in the  documentation,  on  the  cryptsetup
       mailing  list at <dm-crypt@saout.de> or in the 'Issues' section on LUKS
       website.  Please attach the output of the failed command with the --de-
       bug option added.

COPYRIGHT
       Copyright (C) 2016-2021 Red Hat, Inc.
       Copyright (C) 2016-2021 Milan Broz
       Copyright (C) 2021 Vojtech Trefny

       This is free software; see the source for copying conditions.  There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR  A  PARTICULAR
       PURPOSE.

SEE ALSO
       The project website at https://gitlab.com/cryptsetup/cryptsetup

cryptsetup-ssh                     June 2021                 CRYPTSETUP-SSH(8)