'\" t
.\"     Title: cryptsetup-ssh
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.18
.\"      Date: 2023-12-18
.\"    Manual: Maintenance Commands
.\"    Source: cryptsetup-ssh 2.6.1
.\"  Language: English
.\"
.TH "CRYPTSETUP\-SSH" "8" "2023-12-18" "cryptsetup\-ssh 2.6.1" "Maintenance Commands"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
cryptsetup-ssh \- manage LUKS2 SSH token
.SH "SYNOPSIS"
.sp
\fBcryptsetup\-ssh <action> [<options>] <action args>\fP
.SH "DESCRIPTION"
.sp
Experimental cryptsetup plugin for unlocking LUKS2 devices with a token
connected to an SSH server.
.sp
This plugin currently allows only adding a token to an existing key
slot. See \fBcryptsetup(8)\fP for instructions on how to remove, import or
export the token.
.SS "Add operation"
.sp
\fBadd <options> <device>\fP
.sp
Adds the SSH token to \fB<device>\fP.
.sp
The specified SSH server must hold a key file, at the specified path,
containing a passphrase for an existing key slot on the device. The provided
credentials will be used by cryptsetup to fetch this passphrase when opening
the device using the token.
.sp
Options \-\-ssh\-server, \-\-ssh\-user, \-\-ssh\-keypath and \-\-ssh\-path are
required for this operation.
.SH "OPTIONS"
.sp
\fB\-\-key\-slot\fP=\fINUM\fP
.RS 4
Key slot to assign the token to. If not specified, the token will be
assigned to the first key slot matching the provided passphrase.
.RE
.sp
\fB\-\-ssh\-keypath\fP=\fISTRING\fP
.RS 4
Path to the SSH key for connecting to the remote server.
.RE
.sp
\fB\-\-ssh\-path\fP=\fISTRING\fP
.RS 4
Path to the key file on the remote server.
.RE
.sp
\fB\-\-ssh\-server\fP=\fISTRING\fP
.RS 4
IP address/URL of the remote server for this token.
.RE
.sp
\fB\-\-ssh\-user\fP=\fISTRING\fP
.RS 4
Username used for the remote server.
.RE
.sp
\fB\-\-debug\fP
.RS 4
Show debug messages
.RE
.sp
\fB\-\-debug\-json\fP
.RS 4
Show debug messages including JSON metadata
.RE
.sp
\fB\-\-verbose, \-v\fP
.RS 4
Show more detailed error messages
.RE
.sp
\fB\-\-help, \-?\fP
.RS 4
Show help
.RE
.sp
\fB\-\-version, \-V\fP
.RS 4
Print program version
.RE
.SH "NOTES"
.sp
The information provided when adding the token (SSH server address, user
and paths) will be stored in the LUKS2 header in plaintext.
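.sp
The following Python script is an added example, not part of cryptsetup or of the original page. It lists what each SSH token exposes in plaintext, given JSON metadata such as that printed by \fBcryptsetup luksDump \-\-dump\-json\-metadata\fP. The sample metadata is constructed, and its ssh_* field names are assumptions about how the plugin stores its options.
.sp
.nf
```python
import json

# Constructed sample of LUKS2 JSON metadata (not taken from a real device).
# The ssh_* field names are an assumption about how the plugin stores the
# values of --ssh-server, --ssh-user, --ssh-path and --ssh-keypath.
SAMPLE_METADATA = """
{
  "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}},
  "tokens": {
    "0": {"type": "luks2-keyring", "keyslots": ["0"],
          "key_description": "sample"},
    "1": {"type": "ssh", "keyslots": ["1"],
          "ssh_server": "192.0.2.10", "ssh_user": "unlock",
          "ssh_path": "/home/unlock/keyfile",
          "ssh_keypath": "/root/.ssh/id_unlock"}
  }
}
"""

# Fields every LUKS2 token carries; anything else is plugin-specific data.
MANDATORY = {"type", "keyslots"}

def ssh_token_exposure(metadata_json):
    """Return one record per SSH token: id, key slots, plaintext fields."""
    metadata = json.loads(metadata_json)
    findings = []
    for token_id, token in sorted(metadata.get("tokens", {}).items()):
        if token.get("type") != "ssh":
            continue
        exposed = {k: v for k, v in token.items() if k not in MANDATORY}
        findings.append({"token": token_id, "plaintext": exposed,
                         "keyslots": list(token.get("keyslots", []))})
    return findings

def report(findings):
    """Format findings as lines suitable for an audit log."""
    lines = []
    for f in findings:
        slots = ",".join(f["keyslots"]) or "none"
        for name, value in sorted(f["plaintext"].items()):
            lines.append("token %s (keyslots %s): %s=%s"
                         % (f["token"], slots, name, value))
    return lines

if __name__ == "__main__":
    for line in report(ssh_token_exposure(SAMPLE_METADATA)):
        print(line)
```
.fi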
.SH "AUTHORS"
.sp
The cryptsetup\-ssh tool is written by Vojtech Trefny.
.SH "REPORTING BUGS"
.sp
Report bugs at \c
.MTO "cryptsetup\(atlists.linux.dev" "\fBcryptsetup mailing list\fP"
or in \c
.URL "https://gitlab.com/cryptsetup/cryptsetup/\-/issues/new" "\fBIssues project section\fP" "."
.sp
Please attach the output of the failed command with the \-\-debug option added.
.SH "SEE ALSO"
.sp
.URL "https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions" "\fBCryptsetup FAQ\fP" ""
.sp
\fBcryptsetup\fP(8), \fBintegritysetup\fP(8) and \fBveritysetup\fP(8)
.SH "CRYPTSETUP"
.sp
Part of \c
.URL "https://gitlab.com/cryptsetup/cryptsetup/" "\fBcryptsetup project\fP" "."