Probably everyone already knows that a long, complex password is always a good idea. Many also know about password managers: how convenient they are and, most importantly, that you can safely store information in them.
Because of the nature of my work, I often have to record and store a large number of passwords and other confidential information, so I use KeePass2, a password manager with a free license. I will not talk about its capabilities and advantages over others; all of this has already been discussed more than once. If anyone wants to learn more, here are some links: wiki, review article, comparisons with others: 1 2.
Instead, I would like to talk about one of its interesting functions:
The function is called "URL Overrides", and it lets you launch the programs associated with your entries and pass authentication data to them directly from KeePass.
For example, you can keep a list of accounts for connecting to a remote server in KeePass and, at the right moment, select the one you need, press Ctrl + U to start the remote connection client, and instantly gain access to your server.
This is very convenient, since logins and passwords are no longer stored anywhere else: they are securely encrypted in your KeePass database and transferred to the client program only at the time of connection.
The idea is to use KeePass as a single entry point to all remote servers.
I must admit, initially I planned to write an article only about setting up KeePass on Linux, but in the course of writing I gathered enough material for Windows users as well.
I decided not to deprive users of the more popular OS of such interesting material.
For each protocol I give commands that work under both Windows and Linux.
So let's start:
In order for KeePass to know which protocol an entry corresponds to, you should use links of the form rdp://server, ssh://server, ftp://server.
In order for KeePass to know which programs need to be run for these protocols, you need to configure a link handler.
To do this, go to Tools --> Options --> Integration --> URL Overrides... and configure the protocols:
ssh (Windows)
cmd://"{ENV_PROGRAMFILES_X86}\PuTTY\putty.exe" -ssh "{USERNAME}@{URL:HOST}" -P {URL:PORT} -pw "{PASSWORD}"
ssh (Linux)
Command:
cmd://xterm -e sshpass -p {PASSWORD} ssh -o StrictHostKeyChecking=no {USERNAME}@{BASE:RMVSCM}
More secure option:
cmd://bash -c 'FILE=$(mktemp) && chmod 600 $FILE && echo {PASSWORD} > $FILE ; xterm -e sshpass -f $FILE ssh -o StrictHostKeyChecking=no {USERNAME}@{BASE:RMVSCM}; rm -f $FILE'
You also need to install the sshpass package.
Instead of xterm you can substitute your favorite terminal emulator.
rdp (Windows)
cmd://cmd /c "cmdkey /generic:TERMSRV/{URL:HOST} /user:{USERNAME} /pass:{PASSWORD} && mstsc /v:{BASE:RMVSCM} && cmdkey /delete:TERMSRV/{URL:HOST}"
Thanks for this solution go to Valiant from bitcollectors.com and DeWhite from habrahabr.ru.
rdp (Linux)
Command:
cmd://bash -c "FILE=/tmp/connect.remmina ; echo -en '[remmina]\nname={TITLE}\nprotocol=RDP\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; remmina -c $FILE ; rm -f $FILE"
More secure option:
cmd://bash -c "export DIR=/tmp/remmina; mkdir -p $DIR; chmod 700 $DIR; export FILE=$(mktemp -p $DIR XXXXXXXXXX --suffix=.remmina); echo -e '[remmina]\nname={TITLE}\nprotocol=RDP\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; nohup remmina -c $FILE &"
We will also need to install a small helper script:
curl -o /usr/local/bin/remmina-encode-password.py https://raw.githubusercontent.com/kvaps/keepass2-url-overriddes/master/remmina/remmina-encode-password.py
chmod +x /usr/local/bin/remmina-encode-password.py
vnc (Windows)
cmd://java -jar "{ENV_PROGRAMFILES}\tightvnc-jviewer.jar" -user="{USERNAME}" -password="{PASSWORD}" {BASE:RMVSCM}
Save tightvnc-jviewer.jar to C:\Program Files\tightvnc-jviewer.jar.
vnc (Linux)
Command:
cmd://bash -c "FILE=/tmp/connect.remmina ; echo -en '[remmina]\nname={TITLE}\nprotocol=VNC\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; remmina -c $FILE ; rm -f $FILE"
More secure option:
cmd://bash -c "export DIR=/tmp/remmina; mkdir -p $DIR; chmod 700 $DIR; export FILE=$(mktemp -p $DIR XXXXXXXXXX --suffix=.remmina); echo -e '[remmina]\nname={TITLE}\nprotocol=VNC\nserver={BASE:RMVSCM}\nscale=1\nviewmode=1\nusername={USERNAME}\npassword='`remmina-encode-password.py {PASSWORD}` > $FILE ; nohup remmina -c $FILE &"
We still need the small helper script that I wrote about above:
curl -o /usr/local/bin/remmina-encode-password.py https://raw.githubusercontent.com/kvaps/keepass2-url-overriddes/master/remmina/remmina-encode-password.py
chmod +x /usr/local/bin/remmina-encode-password.py
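The temporary-file technique behind the "More secure option" commands for ssh and Remmina (rdp, vnc), written out as a reusable POSIX shell function; this is an added example, not code from the article or from KeePass. The function name run_with_secret_file and the @SECRET_FILE@ placeholder are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the article. run_with_secret_file and the
# @SECRET_FILE@ placeholder are hypothetical names.
#
# Usage: printf '%s\n' "$password" | run_with_secret_file CLIENT [ARGS...]
# Any argument that is exactly @SECRET_FILE@ is replaced by the file's path.
run_with_secret_file() (
    [ "$#" -gt 0 ] || exit 2

    # Read one line from stdin verbatim; -r keeps backslashes, and nothing in
    # the value ($, backticks, quotes) is ever evaluated by the shell.
    IFS= read -r secret || [ -n "$secret" ] || exit 1

    # umask first, so the file is never readable by others, even briefly.
    umask 077
    # mktemp -d picks an unpredictable name and creates the directory 0700.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/kp-secret.XXXXXXXXXX") || exit 1
    file=$dir/secret

    # Remove the secret if the session is interrupted.
    trap 'rm -rf -- "$dir"; exit 130' INT TERM HUP

    printf '%s\n' "$secret" > "$file" || { rm -rf -- "$dir"; exit 1; }

    # Rebuild the argument list, substituting the real path.
    for arg do
        shift
        if [ "$arg" = "@SECRET_FILE@" ]; then arg=$file; fi
        set -- "$@" "$arg"
    done

    # Run the client, then delete the secret and pass on its exit status.
    status=0
    "$@" || status=$?
    rm -rf -- "$dir"
    exit "$status"
)

# With the article's SSH client (user@server is a placeholder):
#   ... | run_with_secret_file xterm -e sshpass -f @SECRET_FILE@ ssh user@server
```

The file keeps the password out of the client's own argument list, but in a URL override the expanded {PASSWORD} is still part of the argument list of the bash -c process that KeePass starts, for as long as that process runs.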
smb (Windows)
cmd://cmd /c "net use "{BASE:RMVSCM}" /user:"{USERNAME}" "{PASSWORD}" && start \\{BASE:RMVSCM}"
smb (Linux)
Command:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'smb://{USERNAME}@{BASE:RMVSCM}' ; nautilus 'smb://{USERNAME}@{BASE:RMVSCM}'"
More secure option:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'smb://{USERNAME}@{BASE:RMVSCM}' ; nohup nautilus 'smb://{USERNAME}@{BASE:RMVSCM}' &"
For Thunar and Dolphin, the command will be the same; it is enough to replace nautilus with thunar or dolphin.
ftp (Windows, FileZilla)
cmd://"{ENV_PROGRAMFILES_X86}\FileZilla FTP Client\filezilla.exe" 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
ftp (Windows, Explorer)
cmd://"explorer.exe" 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
ftp (Linux, FileZilla)
cmd://filezilla 'ftp://{USERNAME}:{PASSWORD}@{BASE:RMVSCM}'
ftp (Linux, Nautilus)
Command:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'ftp://{USERNAME}@{BASE:RMVSCM}' ; nautilus 'ftp://{USERNAME}@{BASE:RMVSCM}'"
More secure option:
cmd://bash -c "echo -e '\n{PASSWORD}' | gvfs-mount 'ftp://{USERNAME}@{BASE:RMVSCM}' ; nohup nautilus 'ftp://{USERNAME}@{BASE:RMVSCM}' &"
For Thunar and Dolphin, the command will be the same; it is enough to replace nautilus with thunar or dolphin.
teamviewer (Windows)
cmd://"{ENV_PROGRAMFILES_X86}\TeamViewer\TeamViewer.exe" -i "{USERNAME}" --Password "{PASSWORD}"
teamviewer (Linux)
cmd://teamviewer -i "{USERNAME}" --Password "{PASSWORD}"
winbox (Windows)
cmd://{ENV_PROGRAMFILES_X86}\winbox.exe '{BASE:RMVSCM}' '{USERNAME}' '{PASSWORD}'
Save winbox.exe to C:\Program Files (x86)\winbox.exe.
winbox (Linux)
cmd://winbox '{BASE:RMVSCM}' '{USERNAME}' '{PASSWORD}'
I use the winbox package from AUR.
cisco
Command:
cmd://{ENV_PROGRAMFILES_X86}\scriptsdir\Connector_Cisco.vbs "{S:lan}" "{USERNAME}" "{PASSWORD}" "{S:enable}"
Also download Connector_Cisco.vbs itself and save it to the path: C:\Program Files (x86)\Connector_Cisco.vbs
The solution and script were kindly provided by therb1 from habrahabr.ru.
I think that is plenty of examples. That is probably all.
Now, selecting the desired entry and pressing Ctrl + U, you immediately connect where you want. And you don't have to save passwords anywhere else.
For more exotic cases, you can always write your own handler; all you need is to know the launch parameters of the program you need and reflect them in the command.
If you have any suggestions or additions, write them in the comments or on Github.
Thank you for your attention.
Source: https://habr.com/ru/post/303894/