systemd-tty-ask-password-agent

List all currently pending system password requests

$ systemd-tty-ask-password-agent --list

$ systemd-tty-ask-password-agent --watch

$ systemd-tty-ask-password-agent --query

$ systemd-tty-ask-password-agent --wall

systemd-tty-ask-password-agent [--watch]

--watch
    Continuously monitors for password requests, allowing it to handle multiple prompts without exiting. Without this option, the agent processes existing password requests and then terminates.

systemd-tty-ask-password-agent is a component of the systemd init system responsible for handling password or passphrase prompts on the text-based console (TTY). It acts as an agent that listens for password requests from other systemd services, most notably during the early boot process when unlocking encrypted disks (e.g., LUKS volumes). When a service requires a password, this agent displays the prompt on the active TTY, securely receives the user's input, and returns it to the requesting service. This ensures that sensitive information, such as encryption passphrases, can be entered directly on the console before a graphical environment is available. It is an integral part of systemd's unified approach to system management and authentication.

Operates exclusively on text-based consoles (TTYs), making it unsuitable for graphical desktop environments where dedicated graphical password agents are used.
Primarily designed for system-level password prompts, such as unlocking encrypted disks during boot, and is not a general-purpose password utility for arbitrary user applications.
Typically runs as a system service with root privileges and is not intended for direct manual user invocation to prompt for passwords.
As input is handled directly on the console, ensuring the physical TTY is secure is important for sensitive operations.

This agent communicates with other systemd components and clients via the D-Bus message bus. It listens for password requests on a well-known D-Bus name, providing a standardized interface for system services to request user input on the console.

systemd-tty-ask-password-agent is commonly managed as a systemd service, typically enabled to run automatically during system boot. Its service unit ensures it's available to handle password prompts from other services, such as systemd-cryptsetup@.service, which manages encrypted volumes.

Part of the systemd project, systemd-tty-ask-password-agent was developed to provide a unified and integrated mechanism for handling system-level password prompts, particularly for encrypted volumes (like LUKS) during the boot process. It became an essential component as systemd adopted more responsibility for early boot tasks and replaced older, less standardized methods for user interaction on the console. Its development is tied to the evolution of systemd itself, which debuted in 2010.

systemd(1), systemd-ask-password(1), systemd-cryptsetup@.service(8), crypttab(5), fstab(5)