mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-06 00:10:04 +01:00
85 lines
2.4 KiB
Groff
85 lines
2.4 KiB
Groff
.TH CRYPTSETUP-SSH "8" "June 2021" "cryptsetup-ssh" "Maintenance Commands"
|
|
.SH NAME
|
|
cryptsetup-ssh \- manage LUKS2 SSH token
|
|
.SH SYNOPSIS
|
|
.B cryptsetup-ssh
|
|
\fI\,<options> <action> <action args>\/\fR
|
|
.SH DESCRIPTION
|
|
Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected
|
|
to an SSH server.
|
|
|
|
This plugin currently allows only adding a token to an existing key slot, see \fBcryptsetup(8)\fP
|
|
for instruction on how to remove, import or export the token.
|
|
|
|
.SS Add operation
|
|
.PP
|
|
\fIadd\fR <options> <device>
|
|
.IP
|
|
Adds the SSH token to \fB<device>\fR.
|
|
|
|
Specified SSH server must contain a key file on the specified path with a
|
|
passphrase for an existing key slot on the device.
|
|
Provided credentials will be used by cryptsetup to get the password when
|
|
opening the device using the token.
|
|
|
|
\-\-ssh\-server, \-\-ssh\-user, \-\-ssh\-keypath and -\-ssh\-path
|
|
are required for this operation.
|
|
|
|
.TP
|
|
\fB\-\-key\-slot\fR=\fI\,NUM\/\fR
|
|
Keyslot to assign the token to. If not specified, the token will be assigned to the first key slot
|
|
matching provided passphrase.
|
|
.TP
|
|
\fB\-\-ssh\-keypath\fR=\fI\,STRING\/\fR
|
|
Path to the SSH key for connecting to the remote server.
|
|
.TP
|
|
\fB\-\-ssh\-path\fR=\fI\,STRING\/\fR
|
|
Path to the key file on the remote server.
|
|
.TP
|
|
\fB\-\-ssh\-server\fR=\fI\,STRING\/\fR
|
|
IP address/URL of the remote server for this token.
|
|
.TP
|
|
\fB\-\-ssh\-user\fR=\fI\,STRING\/\fR
|
|
Username used for the remote server.
|
|
.IP
|
|
|
|
.SH OPTIONS
|
|
.TP
|
|
\fB\-\-debug\fR
|
|
Show debug messages
|
|
.TP
|
|
\fB\-\-debug\-json\fR
|
|
Show debug messages including JSON metadata
|
|
.TP
|
|
\fB\-v\fR, \fB\-\-verbose\fR
|
|
Shows more detailed error messages
|
|
.TP
|
|
\-?, \fB\-\-help\fR
|
|
Show help
|
|
.TP
|
|
\fB\-V\fR, \fB\-\-version\fR
|
|
Print program version
|
|
.PP
|
|
|
|
.SH NOTES
|
|
The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext.
|
|
|
|
.SH REPORTING BUGS
|
|
Report bugs, including ones in the documentation, on
|
|
the cryptsetup mailing list at <dm-crypt@saout.de>
|
|
or in the 'Issues' section on LUKS website.
|
|
Please attach the output of the failed command with the
|
|
\-\-debug option added.
|
|
|
|
.SH COPYRIGHT
|
|
Copyright \(co 2016-2021 Red Hat, Inc.
|
|
.br
|
|
Copyright \(co 2016-2021 Milan Broz
|
|
.br
|
|
Copyright \(co 2021 Vojtech Trefny
|
|
|
|
This is free software; see the source for copying conditions. There is NO
|
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
.SH SEE ALSO
|
|
The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
|