Tech&Science – Studio Blue Planet

KeePass, Keeweb with OneDrive and Dropbox

Introduction

This blog describes some hints to get a self hosted Keeweb working with a KeePass database files stored on Microsoft OneDrive or Dropbox.

KeePass is an open source password manager. It is a PC application storing your credentials and secrets in an encrypted .kdbx database file. I use it for some time now and I am happy with it. I started to use it with my database on a memory stick, to have it anywhere I go. This, however, is not a fine way of working, because I tend to forget my memory stick. So I wondered if I could use my KeePass database in a self hosted web based application. I did some searching around and found Keeweb to be most applicable.

Keeweb comes in a desktop application as well as a web application. The latter seems to be about what I want.

However, I like to be in control and host the application myself. I finally succeeded to get it working with my KeePass database on Microsoft OneDrive and and on Dropbox. There are two sites I would like to mention that provide a howto.

Host Your Own Multi-User Password Manager with KeeWeb and WebDAV
Dropbox and GDrive, which also explains Microsoft OneDrive

Why then, this blog as third howto? Well, following both links still gave me some head-aches. Therefore I report my findings

Open Sesamy: Port-knocking using just one port

Port knocking is a mechanism to provide additional security to firewalling. Port knocking is normally used in firewalls. A target port needed for a particular service (e.g. SecureShell, SSH) is normally closed and the service is unreachable. Only by ‘knocking’ on a number of ports in a particular order opens the target port. Knocking means: sending a TCP or UDP packet to the port. Though the knock ports are closed and won’t respond, the firewall notices the knocks. To the outside world the firewall appears totally closed. Portscans fail. Only when the proper sequence of ports is knocked the target port opens and the service is reachable for a few seconds. During this time-span the service can be reached.

There are a large number of port knock implementation. See for an overview: portknocking.org. Open Sesamy differs from other mechanism because only one port for knocking is needed. It may even be the target port. It is implemented using Linux iptables. This is another difference: most port knocking algorithms are implemented as scripts scrutenising the log files. Using iptables the packet filtering is exploited as present in the Linux kernel or modules.