summaryrefslogtreecommitdiffstats
path: root/man/cryptsetup-ssh.8.adoc
diff options
context:
space:
mode:
Diffstat (limited to 'man/cryptsetup-ssh.8.adoc')
-rw-r--r--man/cryptsetup-ssh.8.adoc80
1 files changed, 80 insertions, 0 deletions
diff --git a/man/cryptsetup-ssh.8.adoc b/man/cryptsetup-ssh.8.adoc
new file mode 100644
index 0000000..f71f856
--- /dev/null
+++ b/man/cryptsetup-ssh.8.adoc
@@ -0,0 +1,80 @@
+= cryptsetup-ssh(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup-ssh {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+cryptsetup-ssh - manage LUKS2 SSH token
+
+== SYNOPSIS
+
+*cryptsetup-ssh <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Experimental cryptsetup plugin for unlocking LUKS2 devices with token
+connected to an SSH server.
+
+This plugin currently allows only adding a token to an existing key
+slot. See *cryptsetup(8)* for instructions on how to remove, import or
+export the token.
+
+=== Add operation
+
+*add <options> <device>*
+
+Adds the SSH token to *<device>*.
+
+The specified SSH server must contain a key file on the specified path with
+a passphrase for an existing key slot on the device. Provided
+credentials will be used by cryptsetup to get the password when opening
+the device using the token.
+
+Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
+required for this operation.
+
+== OPTIONS
+
+**--key-slot**=_NUM_::
+Keyslot to assign the token to. If not specified, the token will be
+assigned to the first key slot matching provided passphrase.
+
+**--ssh-keypath**=_STRING_::
+Path to the SSH key for connecting to the remote server.
+
+**--ssh-path**=_STRING_::
+Path to the key file on the remote server.
+
+**--ssh-server**=_STRING_::
+IP address/URL of the remote server for this token.
+
+**--ssh-user**=_STRING_::
+Username used for the remote server.
+
+*--debug*::
+Show debug messages
+
+*--debug-json*::
+Show debug messages including JSON metadata
+
+*--verbose, -v*::
+Shows more detailed error messages
+
+*--help, -?*::
+Show help
+
+*--version, -V*::
+Print program version
+
+== NOTES
+
+The information provided when adding the token (SSH server address, user
+and paths) will be stored in the LUKS2 header in plaintext.
+
+== AUTHORS
+
+The cryptsetup-ssh tool is written by Vojtech Trefny.
+
+include::man/common_footer.adoc[]