Mine the Harvest

I’ve finally gotten around to using ssh pass phrases on the ssh keys I uses to authenticate with, and recently was using a nifty applet on Gnome that managed the pass phrase for you when you log into your Gnome session.

Since I mainly use KDE, I found a very simple little app mentioned on this blog that does the same thing for KDE4, ksshaskpass which you can get from here

Compiling and installing is extremely easy, it is a very light app and uses cmake for the build, and builds in seconds.

(Note however that  you need to have cmake installed, and if using Ubuntu you also install build-essential and kdelibs5-dev if using KDE.)

Also, please see the readme describing the script to make in your ~/.kde4/Autostart directory setting your SSH_ASKPATH variable to point to the ksshaskpath binary.

After that you are good to go – when you first use your key a GUI window prompts you once for the password, which gets associated with your Kwallet for the remainder of your session.

Very nice.

NOTE: Since the original post I discovered a new version of PHPChain is available at the project Sourceforge site here. You may test drive it here. The new version has several additional features and the issues with the underlying PHP code described below have been corrected. I had no issues running the new version with PHP 5.3. Unfortunately, there is no way to easily migrate your database from the old version, but the new version does allow the import and export of data in XML format.

PHPChain is a great little app which helps you organize passwords. It uses a web interface, encrypts the passwords in a MySQL database, and supports multiple users, each with their own account. Passwords are organized in user defined groups, and are easy to edit. It automatically alphabetizes entries, helping to organize them further. The interface is extremely easy to use, and it makes storing and organizing you many passwords very easy. You can try a demo of it here.

I opted for this as a solution to store my passwords at home. It provided the added benefit of having access to my passwords from anywhere over an SSL web site. While there may be some slight risk in this, lets be honest — it is a hell of a lot better than the open office document I was using before. And of course you can further protect it by only opening the port it listens on when needed, and even place it behind an .htaccess, etc. You can be as paranoid as you like.

The one thing is that this application does not appear to have been  updated in a while, and if you install it today you may run into a situation where PHP does not read some of the scripts as the author used php short tags

Here are some notes that might help you with your install.

First of course you will need to install apache with the necessary php and ssl packages, as well as php5-mcrypt installed. You will also need to generate a self signed SSL certificate and set up a vhost that will accept SSL connection. You certainly want to use SSL, even if you intend to only access this on you local network as otherwise all traffic will be sent clear text, which would be bad. Setting up apache to use a self signed SSL is pretty straight forward and there are lots of sites for your distro to guide you in this.

At a minimum you will need things like:

apache2-2.2.13-2.3.1.i586
apache2-mod_php5-5.3.0-2.4.3.i586
openssl-0.9.8k-3.4.i586
apache2-mod_php5-5.3.0-2.4.3.i586
php5-mcrypt installed
php5-mysql-5.3.0-2.4.3.i586

Once you download PHPChain, simply extract it in your web document root and create and empty MySQL database, them import the .sql file into it. See the README.txt for details. If you access it now, you will likely see lots of messages as some scripts are not being parsed correctly due to the short tags being used. Find which ones this are by:

Callandor:/srv/www/htdocs/phpchain # grep -R ” ./cat.php: ./inc/menu.php: ./inc/db.php: ./inc/cookie.php: ./inc/header.php: ./inc/header.php:PHPChain – Powered by PHPChain
./inc/header.php: ./inc/header.php: ./inc/header.php: ./inc/header.php: ./inc/crypt.php: ./inc/form.php: ./index.php: ./login.php: ./logout.php: ./newlogin.php: ./password.php: ./settings.php:

Change all instances of the

Callandor:/srv/www/htdocs/phpchain # sed “s/> testchange; sed “s/> testchange

To virst view the changes in each file, and then if it looks good replace with:

Callandor:/srv/www/htdocs/phpchain # sed -i “s/

Or, to be even fancier with it . . .

Callandor:/srv/www/htdocs/phpchain # for i in `grep -R “

Now, the php should work correctly, but you will likely have some warnings dispalyed at the top of the page regarding some constant variable declarations. You can disable php warning by setting the error_reporting level on a per script basis. Turn off errors and warnings in index.php (before the include statements) by adding:
error_reporting(0);

Or set the error reporting level in you php.ini

That should do it, you an now start using PHPChain to manage your passwords in a more secure way. Do ensure to use SSL, and if you connect without SSL PHPChain conspicuously warns you of the danger of this.