table of contents
| CRYPTSETUP-SSH(8) | Maintenance Commands | CRYPTSETUP-SSH(8) |
NAME¶
cryptsetup-ssh - manage LUKS2 SSH token
SYNOPSIS¶
cryptsetup-ssh <action> [<options>] <action args>
DESCRIPTION¶
Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server.
This plugin currently allows only adding a token to an existing key slot. See cryptsetup(8) for instructions on how to remove, import or export the token.
Add operation¶
add <options> <device>
Adds the SSH token to <device>.
The specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device. Provided credentials will be used by cryptsetup to get the password when opening the device using the token.
Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are required for this operation.
OPTIONS¶
--key-slot=NUM
--ssh-keypath=STRING
--ssh-path=STRING
--ssh-server=STRING
--ssh-user=STRING
--debug
--debug-json
--verbose, -v
--help, -?
--version, -V
NOTES¶
The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext.
AUTHORS¶
The cryptsetup-ssh tool is written by Vojtech Trefny.
REPORTING BUGS¶
Report bugs at cryptsetup mailing list <cryptsetup@lists.linux.dev> or in Issues project section <https://gitlab.com/cryptsetup/cryptsetup/-/issues/new>.
Please attach output of the failed command with --debug option added.
SEE ALSO¶
Cryptsetup FAQ <https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions>
cryptsetup(8), integritysetup(8) and veritysetup(8)
CRYPTSETUP¶
Part of cryptsetup project <https://gitlab.com/cryptsetup/cryptsetup/>.
| 2022-07-15 | cryptsetup-ssh 2.5.0-rc1 |