
Configuring URL Overrides in KeePass2

Probably everyone already knows that a long and complex password is always a good idea. Many also know about password managers and how conveniently and, most importantly, safely they let you store information.
Because of the nature of my work I often have to record and store a large number of passwords and other confidential information, so I use KeePass2, a password manager with a free license. I will not talk about its capabilities and advantages over others; all of this has been discussed more than once. If anyone wants to learn more, here are a few links: wiki, review article, comparisons with others: 1, 2.
Instead, I would like to talk about one of its interesting functions.
The function is called "URL Overrides". It lets you launch the programs associated with your entries and pass them the authentication data directly from KeePass.
For example, you can keep a list of accounts for connecting to remote servers in KeePass and, when needed, select the right one and simply press Ctrl+U to start the remote connection client and instantly access your server.
This is very convenient, since your logins and passwords are not stored just anywhere, but are securely encrypted in your KeePass database and are passed to the client program only at connection time.
The idea is to use KeePass as a single entry point to all remote servers.

I must admit, initially I planned to write an article only about setting up KeePass on Linux, but as I wrote it, enough material accumulated for Windows users as well.
I decided not to deprive the majority of users, who run the more popular OS, of this material.
For each protocol I give commands that work under both Windows and Linux.
So let's get started:
Create Records
For KeePass to know which protocol an entry corresponds to, give the entry a URL of the form rdp://server, ssh://server, ftp://server
Setting up Keepass2
For KeePass to know which program to run for each of these protocols, you need to configure the URL handlers.
To do this, go to Tools --> Options --> Integration --> URL Overrides...
and configure the protocols:
SSH
[windows] PuTTY
- Scheme:
ssh
- Command:
cmd://"{ENV_PROGRAMFILES_X86}\PuTTY\putty.exe" -ssh "{USERNAME}@{URL:HOST}" -P {URL:PORT} -pw "{PASSWORD}"
[linux] OpenSSH Client
- Scheme:
ssh
- Command:
cmd://xterm -e sshpass -p {PASSWORD} ssh -o StrictHostKeyChecking=no {USERNAME}@{BASE:RMVSCM}
More secure option:
cmd://bash -c 'FILE=$(mktemp) && chmod 600 $FILE && echo {PASSWORD} > $FILE ; xterm -e sshpass -f $FILE ssh -o StrictHostKeyChecking=no {USERNAME}@{BASE:RMVSCM}; rm -f $FILE'
You also need to install the sshpass package.
Instead of xterm you can substitute your favorite terminal emulator.
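The "more secure" SSH command above still splices {PASSWORD} unquoted into the text that bash parses, so a password containing spaces, $, ; or quotes is altered or read as shell syntax. The wrapper below is an added example, not code from the original article or its author: it receives the password Base64-encoded, so no shell metacharacter reaches a parser, and writes it to a private temporary file for sshpass -f. Assumptions: the script name keepass-ssh.sh, its argument order, and an override that encodes the password with KeePass's {T-CONV:/.../Base64/} placeholder.

```sh
#!/bin/sh
# keepass-ssh.sh -- hypothetical wrapper; name and argument order are assumptions.
# Assumed override command (the Base64 alphabet has no shell metacharacters):
#   cmd://keepass-ssh.sh "{USERNAME}" "{URL:HOST}" "{T-CONV:/{PASSWORD}/Base64/}"

# Decode a Base64 secret into a new private file and print the file's path.
make_secret_file() {
    # mktemp already creates the file with mode 0600
    msf_file=$(mktemp "${TMPDIR:-/tmp}/kp-ssh.XXXXXXXXXX") || return 1
    # printf '%s' emits the argument verbatim (echo may interpret backslashes)
    if printf '%s' "$1" | base64 -d > "$msf_file" && [ -s "$msf_file" ]; then
        printf '%s\n' "$msf_file"
    else
        rm -f "$msf_file"   # undecodable or empty secret: leave nothing behind
        return 1
    fi
}

# $1 = user name, $2 = host, $3 = Base64-encoded password
connect() {
    SECRET_FILE=$(make_secret_file "$3") || return 1
    trap 'rm -f "$SECRET_FILE"' EXIT    # remove the secret however we leave
    trap 'exit 1' HUP INT TERM          # turn signals into a normal exit
    # "--" stops option parsing, so a host starting with "-" is not an option;
    # host-key checking is left at the ssh default
    xterm -e sshpass -f "$SECRET_FILE" ssh -- "$1@$2"
}

# Run only when called with the three arguments the override supplies.
if [ "$#" -eq 3 ]; then
    connect "$@"
fi
```

The encoded password is still an argument of the wrapper process, so this addresses shell parsing and file permissions, not visibility in the local process list.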
RDP
[windows] MSTSC
- Scheme:
rdp
- Command:
cmd://cmd /c "cmdkey /generic:TERMSRV/{URL:HOST} /user:{USERNAME} /pass:{PASSWORD} && mstsc /v:{BASE:RMVSCM} && cmdkey /delete:TERMSRV/{URL:HOST}"
Thanks for this solution go to Valiant from bitcollectors.com and DeWhite from habrahabr.ru
[linux] Remmina
- Scheme:
rdp
- Command:
cmd://bash -c "FILE=/tmp/connect.remmina ; echo -en '[remmina]\nname={TITLE}\nprotocol=RDP\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; remmina -c $FILE ; rm -f $FILE"
More secure option:
cmd://bash -c "export DIR=/tmp/remmina; mkdir -p $DIR; chmod 700 $DIR; export FILE=$(mktemp -p $DIR XXXXXXXXXX --suffix=.remmina); echo -e '[remmina]\nname={TITLE}\nprotocol=RDP\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; nohup remmina -c $FILE &"
We also need to install a small helper script:
curl -o /usr/local/bin/remmina-encode-password.py https://raw.githubusercontent.com/kvaps/keepass2-url-overriddes/master/remmina/remmina-encode-password.py
chmod +x /usr/local/bin/remmina-encode-password.py
VNC
[windows] RealVNC
- Scheme:
vnc
- Command:
cmd://java -jar "{ENV_PROGRAMFILES}\tightvnc-jviewer.jar" -user="{USERNAME}" -password="{PASSWORD}" {BASE:RMVSCM}
Save tightvnc-jviewer.jar to C:\Program Files\tightvnc-jviewer.jar.
[linux] Remmina
- Scheme:
vnc
- Command:
cmd://bash -c "FILE=/tmp/connect.remmina ; echo -en '[remmina]\nname={TITLE}\nprotocol=VNC\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; remmina -c $FILE ; rm -f $FILE"
More secure option:
cmd://bash -c "export DIR=/tmp/remmina; mkdir -p $DIR; chmod 700 $DIR; export FILE=$(mktemp -p $DIR XXXXXXXXXX --suffix=.remmina); echo -e '[remmina]\nname={TITLE}\nprotocol=VNC\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; nohup remmina -c $FILE &"
We again need the small helper script that I described above:
curl -o /usr/local/bin/remmina-encode-password.py https://raw.githubusercontent.com/kvaps/keepass2-url-overriddes/master/remmina/remmina-encode-password.py
chmod +x /usr/local/bin/remmina-encode-password.py
SAMBA
[windows] Explorer
- Scheme:
smb
- Command:
cmd://cmd /c "net use "{BASE:RMVSCM}" /user:"{USERNAME}" "{PASSWORD}" && start \\{BASE:RMVSCM}"
[linux] Nautilus / Thunar / Dolphin
- Scheme:
smb
- Command:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'smb://{USERNAME}@{BASE:RMVSCM}' ; nautilus 'smb://{USERNAME}@{BASE:RMVSCM}'"
More secure option:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'smb://{USERNAME}@{BASE:RMVSCM}' ; nohup nautilus 'smb://{USERNAME}@{BASE:RMVSCM}' &"
For Thunar and Dolphin the command is the same, just replace nautilus with thunar or dolphin.
FTP
[windows] FileZilla FTP Client
- Scheme:
ftp
- Command:
cmd://"{ENV_PROGRAMFILES_X86}\FileZilla FTP Client\filezilla.exe" 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
[windows] Windows Explorer
- Scheme:
ftp
- Command:
cmd://"explorer.exe" 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
[linux] FileZilla FTP Client
- Scheme:
ftp
- Command:
cmd://filezilla 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
[linux] Nautilus / Thunar / Dolphin
- Scheme:
ftp
- Command:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'ftp://{USERNAME}@{BASE:RMVSCM}' ; nautilus 'ftp://{USERNAME}@{BASE:RMVSCM}'"
More secure option:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'ftp://{USERNAME}@{BASE:RMVSCM}' ; nohup nautilus 'ftp://{USERNAME}@{BASE:RMVSCM}' &"
For Thunar and Dolphin the command is the same, just replace nautilus with thunar or dolphin.
TeamViewer
[windows] TeamViewer
- Scheme:
teamviewer
- Command:
cmd://"{ENV_PROGRAMFILES_X86}\TeamViewer\TeamViewer.exe" -i "{USERNAME}" --Password "{PASSWORD}"
[linux] TeamViewer
- Scheme:
teamviewer
- Command:
cmd://teamviewer -i "{USERNAME}" --Password "{PASSWORD}"
Winbox
[windows] Winbox
- Scheme:
winbox
- Command:
cmd://{ENV_PROGRAMFILES_X86}\winbox.exe '{BASE:RMVSCM}' '{USERNAME}' '{PASSWORD}'
Save winbox.exe to C:\Program Files (x86)\winbox.exe.
[linux] Winbox
- Scheme:
winbox
- Command:
cmd://winbox '{BASE:RMVSCM}' '{USERNAME}' '{PASSWORD}'
I use the winbox package from AUR.
Cisco
[windows] PuTTY
- Scheme:
cisco
- Command:
cmd://{ENV_PROGRAMFILES_X86}\scriptsdir\Connector_Cisco.vbs "{S:lan}" "{USERNAME}" "{PASSWORD}" "{S:enable}"
Also download Connector_Cisco.vbs itself
and save it to: C:\Program Files (x86)\Connector_Cisco.vbs
The solution and script were kindly provided by therb1 from habrahabr.ru
Conclusion
I think there are plenty of examples. That’s probably all.
Now, by selecting the desired entry and pressing Ctrl + U, you will immediately connect to where you want. And you don’t have to save passwords anywhere else.
For more exotic cases, you can always write your own handler, you just need to find out the launch options for the program you need and reflect them in the command.
A couple of related links:
If you have any suggestions or additions, write them in the comments or on Github.
Thank you for your attention.