Advertisement

KeePass: How to store passwords on SFTP

Zeynel -
2 months ago

After leaving Lastpass at least 5 years ago, I'm quite content with KeePass and my choice of its mobile version Keepass2Android.

It is not as simple as paid competitors, almost just because you need to host your own file if you want to be able to access and sync it to your other devices. You can store your file on a WebDAV server, for example, or on OneDrive or Dropbox for sync.

I didn't know how to do that on Windows, so I probably found the second-best option: Storing the database file on an SFTP server. That can be done via software like Bitwise SSH Server. KeePass needs a plugin to open it from there, but the plugin works like it's not even there. Don't worry about the Android counterpart: At least Keepass2Android can directly open the database from an SFTP location. Here, I'll explain how to do this in a few simple steps.

Requirements:

- An always-running computer (in this instance, a Windows Server but it can be any recent Windows version if you know how to set it up).

- A static IP for your server. You should be able to reach this computer via an IP or hostname.

Putting your KeePass database on an SSH server

On the server PC:

1. Install an SFTP server such as Bitvise SSH Server Free if it's not already installed. After downloading, choose the Personal Edition if you want to use the free version.

2. After installation, open Easy settings and go to Virtual accounts tab. Then in the next line, click Virtual account password and set a password. Note both the name and password somewhere; we'll use them soon.

3. In the Virtual accounts tab, click Add and give it a name like "KeepassDatabase". Then, in the "Root directory" line, choose the folder where this file will be stored on the server. 

4. Click OK to add the folder to the list (The default settings and permissions in the Add screen worked for me.)

5. Click Save changes.

On your local PC:

1. Assuming KeePass is already installed, install the IOProtolExt plug-in. Plug-ins are installed by extracting downloaded .zip file contents into \KeePass\Plugins and restarting the KeePass.

2. After restarting KeePass, go to File > Open > Open URL (or Ctrl + Shift + O) and type the URL of the file on the SFTP server. The URL should be like:

sftp://yourserver.com/the_path_to_keepass_file/your_database.kdbx

Fill in the User name and Password fiels according to Name and Password you used in the 2nd step of "On the server PC" title above.

3. In the same dialog, you may want to make sure KeePass remember these credentials, because you probably won't want to enter it every time you open your KeePass database (it is not the master database password, it'll be asked according to your settings).

4. If you're an advanced user, you may want to check settings like timeout in the Advanced tab. Do this now, because to change settings, I think you'll need to "create" this SFTP connection once again in KeePass. When everything is done, click OK.

If you did things right in first go (which would be a bit lucky one), KeePass will ask for your database password and your password store will open right away. This was the fiddly part for me because some settings in Bitvise SSH part may not be right, or maybe you can't even reach the server for some reason. But once you set it up, everything works and you can press Save to save the file directly without using a cached copy.

To keep remote file operations fast, I recommend you to use a small database file like under 1MB. If it's a few MBs and you open or save it frequently, you may want to split it into two files to put big entries onto another file.

If you instructed KeePass to remember your SFTP user name and passwords, even if you open other files in it and close the database, it'll not ask them again when you use the File > Open Recent menu. Which is a good thing.

However, SFTP credentials may not be stored securely in Windows. That's why we didn't reuse your existing SFTP account on Bitwise SSH, instead created a Virtual Account. Even if somebody gets those credentials (except your master password), all they will see would be strongly encrypted KeePass database file, which will practially have no use.

Conclusion

This is only one way of storing your KeePass file remotely, to me a very useful one. The set-up may take your a few minutes or more, but once you do it, it works painlessly. Assuming your server doesn't go down of course. To avoid such a scenerio (or to be able to access it offline), use KPSimpleBackup plugin to backup a copy to your local machine every time your database changes. 



Did you find this article useful?
0 0
Share this page on:



Only registered users can post links.
Checking site status...
 
No comments yet. Ask, or type the first one!