DIY Password Manager Syncing

DIY Secure Password Management.

Personally, I avoided using a password manager for a long time; I never really needed one because I work on my own systems on a very regular basis. At the start of this year I joined an IT consultancy that looks after many clients, all of which have many different passwords; some even have a different password for every single server they have (up to hundreds of virtual machines).

We use an open source, cross-platform password manager called Gorilla. It is a very basic and primitive-looking program, but it gets the job done for me.

One day I had the idea of using this program for myself. Since it is open source, I took it upon myself to use it as my own self-hosted password manager and start locking down my accounts more, as I can now change every password on every system to be different.

Setting up.

Download the binary from the Gorilla site (or compile it if you wish); you should end up with a file similar to gorilla1537_64.bin in my case.

Run it with:

$ chmod +x gorilla1537_64.bin
$ mkdir PasswordSafe
$ mv gorilla1537_64.bin PasswordSafe/
$ cd PasswordSafe/
$ ./gorilla1537_64.bin

You should see something like the following:

[screenshot: gorilla]

If you hit New it should prompt you to set a master password for the password safe. Now a word of warning:

IF YOU LOSE THIS PASSWORD YOU WILL NOT BE ABLE TO RECOVER IT.

You should NOT lose this password under any circumstances; make a hint or something. I like to have a .txt file in the same directory with a hint inside so I can't forget it.

After that you should see this:

[screenshot: gorilla2]

If you click File -> Save As, save it in the directory we made before as whatever you want; in my case I'll save it as test.

You should now see a file with the extension .psafe3. These are the encrypted files Gorilla uses to store the passwords, protected by the master password you set.

Now if you right click the new psafe3 file you created in the Gorilla window, you can add subgroups and logins:

[screenshot: gorilla3]

I've gone ahead and added some example ones. You can organise this however you want:

[screenshot: gorilla4]

You can also edit your logins and add in notes if you wish:

[screenshot: gorrila5]

I encourage you to look through the other settings: you can change the master password once you decrypt the file, and change the timer settings for when the software locks the file. You can also change the password policy and blacklist characters from the password generator if you so wish.

Syncing.

This is now where you have a choice. The company I work for uses an ownCloud drive, and that's how we sync our password safes and every other file with each other. This is a totally cool way of doing it; I, however, do not use ownCloud or Dropbox on personal machines, so I have done mine with a script using rsync over SSH.

#!/bin/sh
# Sync the local PasswordSafe directory with the server over SSH using rsync.
# -d pulls the server's copy down, -u pushes the local copy up.

usage() {
  echo "Usage: $(basename "$0") [-d download] [-u upload] [-h help]"
  echo "[-d] Downloads the latest psafe, [-u] uploads the psafe from this machine."
}

# No option given: print usage and stop before touching anything.
# (POSIX [ ] rather than bash's [[ ]], since the script runs under /bin/sh.)
if [ $# -eq 0 ]; then
  usage
  exit 0
fi

while getopts ":duh" opt; do
  case ${opt} in
    d ) # Download and sync the directory from the server.
      echo "Downloading and Syncing from the server."
      # -a preserves timestamps and permissions so unchanged files are not re-sent.
      rsync -av user@192.168.1.1:/home/user/PasswordSafe/ /home/user/PasswordSafe/
      ;;
    u ) # Upload and sync the directory to the server.
      echo "Uploading and Syncing to the server."
      rsync -av /home/user/PasswordSafe/ user@192.168.1.1:/home/user/PasswordSafe/
      ;;
    h ) usage
      ;;
    \? ) usage
      exit 1
      ;;
  esac
done

You will obviously need a server that's accessible over SSH, ideally with keys. Setting this up will be covered in an SSH setup post I'm working on.

To run the script, save it as a file; I'll call mine syncsafe.

Make it executable and move it into /usr/bin for easy access.

$ chmod +x syncsafe
$ sudo mv syncsafe /usr/bin/

To run the script and upload a copy of the password safe to the remote server run the command:

$ syncsafe -u

and for downloading the copy from the server:

$ syncsafe -d

Any changes you make, use the script to push to the server. If you use a different machine, like me and my ThinkPad, I often pull down the latest version of my password safe from my server first, but this could be automated with a cron job on boot with passwordless SSH logins, for example.
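A two-way sync of a single encrypted file has one real failure mode: pushing an empty, truncated or half-transferred safe over the good copy, or pulling an older copy over newer local changes, with no way back. As an added example (not code from the original post or from Password Gorilla), here are the guards I would wrap around the syncsafe workflow: a header check so only a file that starts with the Password Safe V3 tag "PWS3" is ever copied over a safe, and a timestamped local backup before any overwrite. The variable names SAFE_DIR, BACKUP_DIR and REMOTE, the function names, and the user@192.168.1.1 path (a placeholder in the same shape as the post's script) are my assumptions; the sample data in the comments is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Password Gorilla.
# Assumed names: SAFE_DIR, BACKUP_DIR, REMOTE (placeholder remote in the
# same shape as the post's script). Safe files are passed by basename,
# e.g. "test.psafe3".

SAFE_DIR="${SAFE_DIR:-$HOME/PasswordSafe}"
BACKUP_DIR="${BACKUP_DIR:-$SAFE_DIR/backups}"
REMOTE="${REMOTE:-user@192.168.1.1:/home/user/PasswordSafe/}"

# A Password Safe V3 file begins with the 4-byte tag "PWS3". A missing,
# empty or cut-off file (e.g. from an interrupted transfer) fails this check.
is_psafe3() {
  [ -s "$1" ] || return 1
  [ "$(dd if="$1" bs=4 count=1 2>/dev/null)" = "PWS3" ]
}

# Copy $1 into BACKUP_DIR with a timestamp suffix and keep only the newest
# $2 (default 5) backups of that file. Returns 0 on success.
backup_safe() {
  file="$1"
  keep="${2:-5}"
  name=$(basename "$file")
  mkdir -p "$BACKUP_DIR" || return 1
  stamp=$(date +%Y%m%d-%H%M%S)
  dest="$BACKUP_DIR/$name.$stamp"
  n=0
  while [ -e "$dest" ]; do     # second backup within one second: add a counter
    n=$((n + 1))
    dest="$BACKUP_DIR/$name.$stamp.$n"
  done
  cp -p "$file" "$dest" || return 1
  # Prune: newest first, drop everything after the first $keep entries.
  ls -1t "$BACKUP_DIR/$name".* | tail -n +"$((keep + 1))" | while IFS= read -r old; do
    rm -f "$old"
  done
}

# Number of backups currently kept for safe basename $1.
count_backups() {
  ls -1 "$BACKUP_DIR/$1".* 2>/dev/null | wc -l | tr -d ' '
}

# Pull the server copy of safe $1 into a temporary name, and only replace the
# local file (after backing it up) if what arrived looks like a real safe.
download_safe() {
  safe="$SAFE_DIR/$1"
  if [ -f "$safe" ]; then
    backup_safe "$safe" || return 1
  fi
  rsync -av "$REMOTE$1" "$safe.download" || return 1
  if is_psafe3 "$safe.download"; then
    mv "$safe.download" "$safe"
  else
    echo "downloaded $1 is not a valid psafe3 file; keeping the local copy" >&2
    rm -f "$safe.download"
    return 1
  fi
}

# Push safe $1 only if it passes the header check; rsync's --backup keeps the
# previous server copy under a timestamped suffix as well.
upload_safe() {
  safe="$SAFE_DIR/$1"
  if ! is_psafe3 "$safe"; then
    echo "$safe is missing, empty or truncated; refusing to upload" >&2
    return 1
  fi
  rsync -av --backup --suffix=".$(date +%Y%m%d-%H%M%S)" "$safe" "$REMOTE"
}
```

The "PWS3" tag only proves the file is not empty or cut short; Gorilla still verifies the file's integrity (its HMAC) against the master password when you open it, so a corrupt download shows up there too. The point of the backups is that a bad sync in either direction is now a one-command undo instead of a lost safe.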

Setting up file association on KDE.

These days I run KDE on my systems, and to make things easier for myself I associated the Gorilla binary with .psafe3 files, so that when I double-click a file in Dolphin it knows how to open it.

On KDE, search for File Associations and under Applications press the + Add button. Name the type psafe3 without the dot prefix, and under Application Preference Order click + Add again and browse to the Gorilla binary. Apply and save.

[screenshot: gorrila6]