I uses keepass on both handphone , laptop and desktop.
I also use syncthing to sync the database among the 3 devices.

issue 1:
The problem:
syncthing is too automated and not good interactively, hence generate "conflict backup files" that user need to resolve.
I have got as much as 7 conflicting backups for a file already in the course of 1 year usage.


Syncthing creates "conflict file" of the keepass database when there are data updated on both devices (accident do happen, even thou i tried my best not to open the same database on both devices simultaneously)

I think there are several reason for the generation of conflict file in syncthing:
1.sometime i forgot to press "save" on a device before i edit the related file on another device
2. syncthing have not manage to establish a proper sync between devices well enough before i start edited the related file on another device (especially when i just return from outside)

**syncthing never inform user that it is starting to sync now to whichever device
** syncthing also never inform user that everything is synced up between whichever devices**
**yes, it actually does inform, but it is just a few second notification at the corner of Desktop which i often missed.

in my opinion, this is the down side of syncthing, too automated without interactive with user, hence created all these conflicted file.
If it would prompts me that there are 2 files that have being edited, which one to overwrite or save both (as conflicted file), then i would be able to review the both file and make correction step immediately hence mitigate the generation of so many conflicted backup.



My solution:
1.
I stop using syncthing between laptop and desktop, instead i use sshfs at home. Hence, i only have 1 keepass database between the 2 pc .
2.
However since android phone is not rooted, i can't ssh between android and the computers, i am forced to use syncthing between android phone and ONE of the pc. (hence mitigate too many conflict file generation, but have not solve the problem at all).




issue 2:
I have no time to deal with the "conflicted keepass database" previously, and after prolonged in this state, more and more data on keepass database have being edited. I still have 2 keepass database files ( one has got most of the latest data; which the other has got fewer data that the other file does not have).

Is there tool to verify and combine both keepass database files (since it is encrypted) ?


Anybody have this issue and have solution to it ?
Now, in order to mitigate more of these conflicted files, I tried to reduce the use of syncthing on many folder..

Would it be acceptable to use the keepass database in read-only mode on your phone?

Generally, you should check what options your keepass app (btw, I use only keepassxc) has to offer, like write back to the database immediately after changing it etc.

I'd love to know about that, too.
I never looked into it though - maybe this exists already.

I use syncthing to sync the data between my desktop and laptop with no issues so far. As for Android, I use keepass2android and use sftp to open the file from my desktop. This ensures that I don't need to copy/sync the files between the desktop & phone manually. keepass2android has a sync option and keeps a local copy of the DB so that I can still access the data if I am out and about without access to my desktop.

You could try exporting the data from both files into XML (or html) and then compare them either manually or programmatically. (HTML option exports the passwords in plain text. XML has encrypted passwords)

1 members found this post helpful.

yes, syncthing is not the right tool to sync encrypted databases. Probably would be better to duplicate the database (using a different name), copy, read it and finally merge the new data inside keepassxc.

I did some reading, in order to sync between android and desktop, one need to have server installed on the desktop in order to function. I have not know how to setup any server yet, apart from sshd.

I saw sftp is using ssh.. does it means if i can do ssh from a computer to another, then this keepass can sync the database with the computer with sshd running ?

I am not sure if sshd is consider a ssh server.. not good with server thing yet, will reach there one day. lol

yes, sftp uses SSH to connect to transfer files. The best way to check if your desktop is configured for sftp is to run the following command 'sftp localhost' (without the quotes). If the system is configured to allow sftp then you should get a prompt for password.

> I saw sftp is using ssh.. does it means if i can do ssh from a computer to another, then this keepass can sync the database with the computer with sshd running ?

Yes, that should work

> I am not sure if sshd is consider a ssh server.. not good with server thing yet, will reach there one day. lol

sshd stands for SSH Daemon which is the server component of SSH. (the config file /etc/ssh/sshd_config allows you to configure the server)

I have sshd running on desktop.
However, when i do "sftp localhost" it has no connection. A bit of confusion here.
From what i read: SSH is just a protocol, and sshd is a "server" (ssh daemon) that utilizing ssh protocol, with sshd i can run shell command from another pc on the ssh host.

a daemon (eg: sshd) is = a server program (in win os), right ?
I think SSH is a protocol only. however in linux world , there is a client software that enables "remote shell login" called ironically "ssh", which is confusing sometime. ssh protocol ... client software called ssh and server software called sshd.

Sftp is a software that utilizing ftp protocol upon ssh protocol. However it can't do sftp thru sshd alone.. But i can certainly do scp via the sshd (does that means scp is a part of sshd; but sftp is not) ?

Which sftp package is good to run sftp server ?
Arch wiki recommend vsftpd (very secure ftp daemon), but it is using terminal , it works just like ssh... so, what's the point here ? I wonder why keepass2android not simply use ssh instead of sftp.. If it uses ssh instead of sftp, then user can install one daemon less. **maybe i got right wrong **







I

It is better if keepass is editable on phone as well, not frequent but occasionally i do edit keepass while on phone when i was not at home.

I don't get you on this one. I uses keepassxc on arch (bcos keepass classic crashes on arch), and keepass classic on android.
What do you meant by "check what options keepass pass has to offer" ? What type of option you were refering too ?

Don't know if i grasp your meaning or not:
My Keepassxc does not write back to database immediately after every single character changes. i noticed keepass blinks "*" sign on title bar when i pressed "ok" button; while when i am editing keepass content, the title bar didn't shows "*" at all. note: "*" on title bar means there is changes that have not save to the database.
That goes the same with keepass classic on android, one have to press "save" button in order to save the changes to database.
Both these 2 database are local database.. they are not sync or remote database by any mean.

It is syncthing that never give warning before syncing.. hence creating a mess of conflicted files.
User Suramya suggesting me using keepass2android as it has sftp sync feature... which i would like to try out.. but need to learn to install sftp first.

SSH is a protocol.
The implementation is Client SW (often called ssh) and Server Daemon SW (often called sshd - note the trailing 'd').
As it happens, the 'extra' functionality of scp & sftp capabilities are built-in to the ssh pkg(s), so their functionality is always available.

The general recommendation is to use those pkgs, not the vsftpd server, as it's old skool plain-text ftp protocol, plus SSL layered on top.
This does make it secure, but it is a fiddly setup.
NB: it doesn't come with an associated vsftp client pkg (afaik).

Ssh is pretty much the default std these days for these purposes. It can also be used by the rsync tool for instance.

FWIW, Filezilla is a good GUI Client that can speak to both vsftpd and sshd servers.

HTH

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It can be enabled / disabled in the sshd config.
My sshd_config has the following entry for sftp:

Subsystem sftp /usr/lib/openssh/sftp-server

The following link has instructions on how to enable sftp server on your system: https://www.fosslinux.com/39228/how-...r-on-linux.htm (but I haven't tried them as stfp was always auto enabled in all my machines by default)

keepass2android also supports plain ftp as well but that would be an insecure way to access the file so I would not recommend it.

just wanted to repeat: sftp (like any other similar file copy, sync tool) cannot handle the internal database, can only copy the whole file from one host to another.
If you want to sync individual entries you need to do it inside keepassxc by adding the another/external database to keepass and merge those contents.

Mine (version 2.6.6) definitely does.
It's in Settings => General => Basic settings: Automatically save after every change.
And related, also: Automatically reload the database when modified externally.

I checked, mine is also "enabled by default" - "automatically save after every change"
but this feature does nothing to sync between 2 devices.

However which checking the Application settings, i saw "ssh agent" setting: "enable ssh agent integration" is enabled.. but i have no idea what this do. Any idea ? is this has to do with sync keepass between 2 devices ?

Well it can only apply to the database file currently opened - if you have two different database files on two different devices then no, it won't magically sync.

I do not use this feature. I guess it makes keepassxc work as an ssh agent - no, it won't help you magically sync things either.

As I said, for me it works becase I mount a remote directory containing my database. I am working with the same file.

You should probably seek out keepassxc documentation to get more and better answers.