Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yet another hackers attack on the infrastructure of companies that offer to store our passwords begs the question:
Quote:
Is there a password manager server application? (Along with browser extentions)
That is an application that stores passwords in a **personal** server (that is publicly accessible), but which is can be connected in a variety of browsers and across many computers.
In essence, a sort of "lastpass" service but with the lastpass server running on a personal server, not on the cloud.
The key here is, of course, the decentralization of password storage, which would make it less interesting for hackers to try and breach the security and get access to someone's personal data.
I am using this post as a guide, but it is not clear if even the enterprise solutions are run on personal servers.
Preferably the application should
- be free software and / or open source
- run on a linux / unix server
- have extentions for browsers (especially firefox) across many archs
I'm not sure of anything that would let you log in from any computer anywhere (like last pass) but if you had a multitude of computers you wanted to access it from you could do the following:
1. install keepassx (or other various offline password managers)
2. store the database on spideroak (encrypted storage)
3. repeat on all computers while referencing the database downloading from spideroak.
That way you can access your passwords from any device securely and it would be updated once changed.
I also use a file key in combination with a password off the spideroak storage to ensure no one could brute force it.
####
A potential (read - untested) idea would be to have a server at home accessible via ssh key-based auth with a password manager installed there. Then ssh -X to it (X forwarding) and load the password manager from there
edit: using pass would prevent the need for X forwarding since it's cli based.
Hi there,
last pass offers browser integration. And this is its unsurpassed asset.
It "senses" the website you are currently viewing and fills in the username and password edit boxes automatically.
This is key asset and I would strongly prefer to keep it.
hm,
well I use password managers for less important logins. Logins that I would preferably do without passwords.
That is mostly for forums and other similar websites where I do not store important personal information.
I do not trust password managers or anyone really with my linux server passwords or any other important credentials.
So I do not mind that a service reads the html page to find username & password editboxes and fills them up.
hm,
well I use password managers for less important logins. Logins that I would preferably do without passwords.
That is mostly for forums and other similar websites where I do not store important personal information.
I do not trust password managers or anyone really with my linux server passwords or any other important credentials.
So I do not mind that a service reads the html page to find username & password editboxes and fills them up.
Good, let's try and not propagate bad habits here LOL
Still, your question seems pretty much unanswered...
Unless of course, by the good advice Sefyr gave...that seems pretty solid
I dont even store passwords for fora...but, I am...hehe...paranoid in some cases
Well, yes and no...you want a central place to keep all passwords...Firefox does keep these...though locally...passwords are...as the purpose implies...measures of security. Like a houde key, kept safe...
Quote:
Yet another hackers attack on the infrastructure of companies that offer to store our passwords
There lies the problem...why store passwords elsewhere? That is like giving your house keys to strangers for "safe keeping"...
One possibility would be a text file, encpyted and stored on a server, downloaded for decrypt-n-use, uploaded for changes...
Personally, I fail to see the use, but, I only see what little I can via this thread
Thor
That is an application that stores passwords in a **personal** server (that is publicly accessible), but which is can be connected in a variety of browsers and across many computers.
My example covers "many computers" but not browsers. It would actually be significantly more secure then lastpass as a password "server" accessed through public key is very secure.
It's nothing but a text file that is encrypted / decrypted in browser and stored on server X.
The source code is available. In theory you could take said source code and run it on your computer creating a personal server.
You could even do this with a apache server that makes https only connections with a password. While a security concern, it would be equal with lastpass in security.
@Thor, well my work flow would benefit from storing passwords at a central location.
I work across different computers and operating systems and lastpass has offered a convenient tool. I can of course ssh to my server from anywhere; open my encrypted passwords text file and get the username and password I need. But this would indeed takes time - especially if I need to access a variety of websites that need signing in. The good thing about this method is that I usually grep the username-password I seek. No need to check that no one is looking over your shoulder.
@Sefyir The secure notepad as a webservice is a nice idea. Quicker for sure than ssh and perhaps not much less secure. I could give it a try. The problem here is those who look over your shoulder of course... I can't have this tab open where all passwords are visible.
I'm telling you lastpass have scored ace with their application. If they gave away source code it would be awesome.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.