cryptsetup-ssh − manage LUKS2 SSH token
cryptsetup-ssh <options> <action> <action args>
Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server.
This plugin currently allows only adding a token to an existing key slot, see cryptsetup(8) for instruction on how to remove, import or export the token.
add <options> <device>
Adds the SSH token to <device>.
Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device. Provided credentials will be used by cryptsetup to get the password when opening the device using the token.
−−ssh−server, −−ssh−user, −−ssh−keypath and -−ssh−path are required for this operation.
Keyslot to assign the token to. If not specified, the token will be assigned to the first key slot matching provided passphrase.
Path to the SSH key for connecting to the remote server.
Path to the key file on the remote server.
IP address/URL of the remote server for this token.
Username used for the remote server.
Show debug messages
Show debug messages including JSON metadata
Shows more detailed error messages
Print program version
The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext.
Report bugs, including ones in the documentation, on the cryptsetup mailing list at <email@example.com> or in the ’Issues’ section on LUKS website. Please attach the output of the failed command with the −−debug option added.
© 2016-2021 Red Hat, Inc.
Copyright © 2016-2021 Milan Broz
Copyright © 2021 Vojtech Trefny
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
The project website at https://gitlab.com/cryptsetup/cryptsetup