SSH keys are the most common way to connect to a server securely and effortlessly. A good practice is to protect the keys with a long-enough passphrase. Since it can be painful to type it every time one wants to log in to a server, ssh-agent is often used to avoid this. But this is a security risk, since any malware or anybody who can access the laptop can then use the SSH key to connect to servers.
A good way to prevent this from happening is to use KeePassXC to manage your SSH keys. KeePassXC is a password manager, forked from KeePassX, itself a Linux port of KeePass. KeePassXC is well maintained, and we can take advantage of the new features built into it! KeePassXC can now store SSH keys and their associated passphrases, and add them to ssh-agent, allowing SSH connections using public key authentication. It can also unload keys from ssh-agent when the lid is closed, the screen is locked, or after prolonged inactivity, and display a confirmation dialog whenever the key is accessed!
If you don’t already own a pair of keys, you can use ssh-keygen to get new ones.
In this case, I create a 4096-bit RSA key. To be able to log in as valouille to my server, I add the content of the public key /Users/valouille/.ssh/id_rsa.pub to the /home/valouille/.ssh/authorized_keys file.
For now, if I try to connect to my server, I’ll be prompted to type my passphrase to unlock the key. Nothing really new here.
In KeePassXC Settings, the checkbox Enable SSH Agent from the SSH Agent category must be selected. (A restart of KeePassXC is required.)
After creating a database, we can then add a new entry for the SSH key:
The fields Password & Repeat are to be filled with the passphrase. Then, we switch to the SSH Agent category:
The first two checkboxes enable the ssh-agent integration functionality, and the third the dialog window that appears each time the key is used.
From now on, ssh-agent should have the key loaded:
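To check which keys the agent currently holds, and that they are unloaded again when KeePassXC locks, the agent can be queried directly over the SSH_AUTH_SOCK socket. The script below is an added example, not code from the original post; it assumes the standard ssh-agent protocol messages (request type 11, answer type 12) and falls back to a constructed sample reply when no agent is running.

```python
import base64, hashlib, os, socket, struct

SSH_AGENTC_REQUEST_IDENTITIES = 11   # request: list loaded keys
SSH_AGENT_IDENTITIES_ANSWER = 12     # reply: uint32 count, then (blob, comment)*

def ssh_string(data):  # SSH 'string' encoding: uint32 length + bytes
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode an SSH 'string' at off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated agent message")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_identities(reply):
    """Return [(key type, SHA256 fingerprint, comment)] from an agent reply."""
    if not reply or reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,), off, keys = struct.unpack_from(">I", reply, 1), 5, []
    for _ in range(count):
        blob, off = read_string(reply, off)
        comment, off = read_string(reply, off)
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
        keys.append((read_string(blob, 0)[0].decode(),
                     "SHA256:" + digest.rstrip("="), comment.decode(errors="replace")))
    return keys

def list_agent_keys(sock):
    """Ask the agent on a connected socket which keys it currently holds."""
    sock.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
    reader = sock.makefile("rb")
    (length,) = struct.unpack(">I", reader.read(4))
    return parse_identities(reader.read(length))

# Constructed sample reply (all-zero key material, not a real key).
SAMPLE_REPLY = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                + ssh_string(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32)))
                + ssh_string(b"constructed-demo-key"))

if __name__ == "__main__":
    path = os.environ.get("SSH_AUTH_SOCK")
    if path:  # live agent: any process that can reach this socket sees the same list
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.connect(path)
            keys = list_agent_keys(s)
    else:     # offline: parse the constructed sample
        keys = parse_identities(SAMPLE_REPLY)
    print("\n".join(" ".join(k) for k in keys) or "no keys loaded")
```

Run it once with the database unlocked and once after locking it; the fingerprints can be compared with the output of ssh-keygen -lf on the public key file.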
I should be able to log in without entering the passphrase, but since I want a dialog window to prompt me whenever my key is used, a few more steps are needed (at least with macOS).
By default, macOS’s SSH doesn’t ship with an askpass program (like ssh-askpass). This is a prerequisite for this feature to work. Until then, we get the following error message:
You can use the following commands to install ssh-askpass:
You’ll then need to log out and log back in to enable it.
Once done, when the KeePassXC password database is unlocked, you should be able to log in effortlessly:
To make it easier to validate the dialog window, don’t forget to enable the keyboard control from System Preferences → Keyboard → Shortcuts → Full Keyboard Access… (at the bottom) → All Controls