Password Management should be simple. These command line password managers store our credentials, titles, web URLs, notes and other details in an encrypted file. We can use these tools to easily manage our credentials. We can even manage individual password files which are extremely easy to identify and sort.
These tools provide options for editing, adding, generating, and retrieving passwords. It contains a very short and simple shell script capable of temporarily putting passwords on your clipboard and tracking password changes.
In this article, I'll cover two command-line password manager tools.
1. Passmgr
It is a simple and portable password manager tool. It securely stores passphrases and retrieves them via the command line. In its default mode, passmgr allows selecting stored passphrases, which are then copied to the clipboard for a limited amount of time so they can be pasted into a passphrase field. After this time, the clipboard is erased.
All credentials are stored AES256-GCM encrypted in a single file, which by default is located in the user's home directory. The encryption key for this file is derived from a master passphrase using scrypt.
Pre-requisites
- Installing Go
- Xclip or Xsel command to be installed
Before installing Passmgr, we need to fulfill these pre-requisites.
Installing Go
Depending on our server architecture, we can download the required package and extract to install.
# yum update
# wget https://storage.googleapis.com/golang/go1.6.2.linux-amd64.tar.gz
# tar -xzvf go1.6.2.linux-amd64.tar.gz -C /usr/local/
I've downloaded the package for a 64-bit architecture. You can create a work folder and set the environment variables server-wide as shown below.
# cd /root
# mkdir go
# cat /etc/profile.d/goenv.sh
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
# source /etc/profile.d/goenv.sh
# go version
go version go1.6.2 linux/amd64
Installing Xclip or Xsel
To enable these commands on the CentOS 7 server, we need to install the dependency packages first and then the xclip and xsel packages themselves. Please follow these steps. Note that the NOKEY warning in the output means rpm could not verify the package signatures, because the signing key (ID 352c64e5) has not been imported on this server.
# yum install libX11.x86_64
# yum install libX11-devel.x86_64
# yum install libXmu.x86_64
# yum install libXmu-devel.x86_64
# wget ftp://mirror.switch.ch/pool/4/mirror/epel/7/x86_64/x/xclip-0.12-5.el7.x86_64.rpm
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/x/xsel-1.2.0-15.el7.x86_64.rpm
# rpm -Uvh xsel-1.2.0-15.el7.x86_64.rpm
warning: xsel-1.2.0-15.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:xsel-1.2.0-15.el7 ################################# [100%]
# rpm -Uvh xclip-0.12-5.el7.x86_64.rpm
warning: xclip-0.12-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:xclip-0.12-5.el7 ################################# [100%]
Installing Passmgr
After completing the above installation, we can enable this Passmgr tool in one single step as below:
# go get github.com/urld/passmgr/cmd/passmgr
Now we can run "passmgr" to set the master password for our Password Manager tool and make our first entry in it.
# passmgr
[passmgr] new master passphrase for /root/.passmgr_store:
[passmgr] retype master passphrase for /root/.passmgr_store:
-- store is empty --
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] a
Enter the values for the new entry
User: Saheetha
URL: linoxide.com
Passphrase:
n) User URL
1) Saheetha linoxide.com
Passmgr Usages
This tool provides various options for managing passwords: we can add and delete entries, and search for entries matching a particular string. We can run the help command to list all the available options.
# passmgr --help
Usage of passmgr:
  -add
        store new credentials
  -appTTL int
        time in seconds after which the application quits if there is no user interaction (default 120)
  -clipboardTTL int
        time in seconds after which the clipboard is reset (default 15)
  -del
        delete stored credentials
  -file string
        specify the passmgr store (default "/root/.passmgr_store")
Examples:
You can add new entries to our Password Manager tool using the option --add as below:
# passmgr -add
[passmgr] master passphrase for /root/.passmgr_store: docker
n) User URL
1) Saheetha linoxide.com
Enter the values for the new entry
User: [email protected]
URL: work.example.com
Passphrase:
n) User URL
1) Saheetha linoxide.com
2) [email protected] work.example.com
We can store/read the credentials to a file using the option --file. By default, all passwords will be stored inside "/root/.passmgr_store" file. We can read the password file for a particular entry using this command as below:
# passmgr -file /root/.passmgr_store
[passmgr] master passphrase for /root/.passmgr_store:
n) User URL
1) Saheetha linoxide.com
2) [email protected] work.example.com
3) testuser website.com
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] 1
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] S
Select: 1
Passphrase copied to clipboard!
Clipboard will be erased in 15 seconds.
We can use the filter option to restrict our search to a particular string as below:
# passmgr
[passmgr] master passphrase for /root/.passmgr_store:
n) User URL
1) Saheetha linoxide.com
2) [email protected] work.example.com
3) testuser website.com
4) test test.com
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] f
Filter: test
n) User URL
3) testuser website.com
4) test test.com
The filter can be reset by leaving it empty.
For deleting an entry from the Password Manager tool, we can use the option d or delete. Please see the example below:
# passmgr
[passmgr] master passphrase for /root/.passmgr_store:
n) User URL
1) Saheetha linoxide.com
2) [email protected] work.example.com
3) testuser website.com
4) test test.com
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] d
Delete: 3
Delete all secrets for 'testuser | website.com? [Y/n] y
n) User URL
1) Saheetha linoxide.com
2) [email protected] work.example.com
3) test test.com
Choose a command [(S)elect/(f)ilter/(a)dd/(d)elete/(q)uit] q
In this example, I've deleted the "testuser" entry from my Password Manager.
2. Titan
Titan is another command-line password manager tool which can be used on any Unix-type operating system. It uses the OpenSSL library to perform the encryption. AES encryption is used with 256-bit keys. In Titan, the password database is also protected from tampering by a keyed-hash message authentication code (HMAC). A unique, cryptographically random initialization vector is used during encryption, and a new initialization vector is generated each time the password database is encrypted.
Titan uses SQLite for storing the passwords. The database schema is simple and easy.
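The scheme described above (AES-256, a fresh random IV on every encryption, and an HMAC over the result) can be seen in a small Go program. This is an added example, not Titan's own code: the CTR mode, the separate encryption and MAC keys, the IV || ciphertext || tag layout, and the keys and record in main are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func tag(macKey, data []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// seal returns IV || AES-CTR ciphertext || HMAC-SHA256(IV || ciphertext).
func seal(block cipher.Block, macKey, db []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize+len(db))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV on every call
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], db)
	return append(out, tag(macKey, out)...), nil
}

// open verifies the tag in constant time and only then decrypts.
func open(block cipher.Block, macKey, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(tag(macKey, blob[:n]), blob[n:]) {
		return nil, errors.New("HMAC check failed: database truncated or modified")
	}
	plain := make([]byte, n-aes.BlockSize)
	cipher.NewCTR(block, blob[:aes.BlockSize]).XORKeyStream(plain, blob[aes.BlockSize:n])
	return plain, nil
}

func main() {
	keys := make([]byte, 64) // constructed keys: 32 bytes for AES-256, 32 for HMAC
	rand.Read(keys)
	block, _ := aes.NewCipher(keys[:32])
	a, _ := seal(block, keys[32:], []byte("Work|sshameer|linoxide.com"))
	b, _ := seal(block, keys[32:], []byte("Work|sshameer|linoxide.com"))
	ivsDiffer := string(a[:aes.BlockSize]) != string(b[:aes.BlockSize])
	a[aes.BlockSize] ^= 1 // simulate tampering with one ciphertext bit on disk
	_, err := open(block, keys[32:], a)
	fmt.Println("IVs differ:", ivsDiffer, "| tampered open:", err)
}
```

Because the tag covers the IV as well as the ciphertext, changing either one makes open fail before any decryption happens.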
I've followed these steps to install Titan on our CentOS 7 server.
# yum install sqlite-devel.x86_64 sqlite-tcl.x86_64
# yum install openssl-devel
# git clone https://github.com/nrosvall/titan.git
# cd titan/
# make
# make install
Titan Usages
Titan also provides some options for managing passwords via the command line. Let's take a look at a few of them below:
To begin with, we need to create a database for storing our passwords. We can create our new database by just running this command.
# titan --init /home/passwords/passwd.db
You can provide the password to protect this database while creating it. Now you can add all the required entries to this database using the --add or just -a option as below:
# titan --add
Title: Work
Username: sshameer
Url: linoxide.com
Notes: Admin notes
Password (empty to generate new):
Our database should be decrypted for adding the entries. In order to decrypt it you can use the option titan --decrypt [database path]. Here we can use:
# titan --decrypt /home/passwords/passwd.db
For viewing the added entries you can use the option "--list-all".
# titan --list-all
=====================================================================
ID: 1
Title: Work
User: sshameer
Url: linoxide.com
Password: **********
Notes: Admin notes
Modified: 2017-07-08 15:11:56
=====================================================================
After adding all the entries, you should encrypt the password database again for security. We can just run this command to encrypt it.
# titan --encrypt /home/passwords/passwd.db
Please see man titan or titan --help for more information.
I have recently found another command line password manager "Passhole" that uses KeePass databases.
Wrapping up
Command-line password managers are simple and great when you log in remotely via SSH. Getting all of your existing passwords into the password manager is a good first step. A password manager makes good security as easy as possible. All you need to do is remember one master password (make it a good one!), and the password manager handles the rest, generating and saving a unique password for every account as required. In addition to encrypting these login credentials, it stores them safely. Thanks for reading this article, and if you have found more tools, please feel free to share them here.