CRYPTSETUP-SSH(8)          (June 2021)          CRYPTSETUP-SSH(8)

     NAME
          cryptsetup-ssh - manage LUKS2 SSH token

     SYNOPSIS
          cryptsetup-ssh ,<options> <action> <action args>/

     DESCRIPTION
          Experimental cryptsetup plugin for unlocking LUKS2 devices
          with token connected to an SSH server.

          This plugin currently allows only adding a token to an
          existing key slot, see cryptsetup(8) for instruction on how
          to remove, import or export the token.

        Add operation
          add <options> <device>

               Adds the SSH token to <device>.

               Specified SSH server must contain a key file on the
               specified path with a passphrase for an existing key
               slot on the device.  Provided credentials will be used
               by cryptsetup to get the password when opening the
               device using the token.

               --ssh-server, --ssh-user, --ssh-keypath and --ssh-path
               are required for this operation.

          --key-slot=,NUM/
               Keyslot to assign the token to. If not specified, the
               token will be assigned to the first key slot matching
               provided passphrase.

          --ssh-keypath=,STRING/
               Path to the SSH key for connecting to the remote
               server.

          --ssh-path=,STRING/
               Path to the key file on the remote server.

          --ssh-server=,STRING/
               IP address/URL of the remote server for this token.

          --ssh-user=,STRING/
               Username used for the remote server.

     Page 1                   cryptsetup-ssh         (printed 5/23/22)

     CRYPTSETUP-SSH(8)          (June 2021)          CRYPTSETUP-SSH(8)

     OPTIONS
          --debug
               Show debug messages

          --debug-json
               Show debug messages including JSON metadata

          -v, --verbose
               Shows more detailed error messages

          -?, --help
               Show help

          -V, --version
               Print program version

     NOTES
          The information provided when adding the token (SSH server
          address, user and paths) will be stored in the LUKS2 header
          in plaintext.

     REPORTING BUGS
          Report bugs, including ones in the documentation, on the
          cryptsetup mailing list at <dm-crypt@saout.de> or in the
          'Issues' section on LUKS website.  Please attach the output
          of the failed command with the --debug option added.

     COPYRIGHT
          Copyright c 2016-2021 Red Hat, Inc.
          Copyright c 2016-2021 Milan Broz
          Copyright c 2021 Vojtech Trefny

          This is free software; see the source for copying condi-
          tions.  There is NO warranty; not even for MERCHANTABILITY
          or FITNESS FOR A PARTICULAR PURPOSE.

     SEE ALSO
          The project website at
          https://gitlab.com/cryptsetup/cryptsetup

     Page 2                   cryptsetup-ssh         (printed 5/23/22)