3 :manmanual: Maintenance Commands
4 :mansource: cryptsetup-ssh {release-version}
5 :man-linkstyle: pass:[blue R < >]
9 cryptsetup-ssh - manage LUKS2 SSH token
13 *cryptsetup-ssh <action> [<options>] <action args>*
17 Experimental cryptsetup plugin for unlocking LUKS2 devices with token
18 connected to an SSH server.
20 This plugin currently allows only adding a token to an existing key
21 slot. See *cryptsetup(8)* for instructions on how to remove, import or
26 *add <options> <device>*
28 Adds the SSH token to *<device>*.
30 The specified SSH server must contain a key file on the specified path with
31 a passphrase for an existing key slot on the device. Provided
32 credentials will be used by cryptsetup to get the password when opening
33 the device using the token.
35 Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
36 required for this operation.
40 **--key-slot**=_NUM_::
41 Keyslot to assign the token to. If not specified, the token will be
42 assigned to the first key slot matching provided passphrase.
44 **--ssh-keypath**=_STRING_::
45 Path to the SSH key for connecting to the remote server.
47 **--ssh-path**=_STRING_::
48 Path to the key file on the remote server.
50 **--ssh-server**=_STRING_::
51 IP address/URL of the remote server for this token.
53 **--ssh-user**=_STRING_::
54 Username used for the remote server.
60 Show debug messages including JSON metadata
63 Shows more detailed error messages
73 The information provided when adding the token (SSH server address, user
74 and paths) will be stored in the LUKS2 header in plaintext.
78 The cryptsetup-ssh tool is written by Vojtech Trefny.
80 include::man/common_footer.adoc[]