Archive for the ‘command line fu’ Category

Password management with TrueCrypt and Dropbox

Monday, August 15th, 2011

Maintaining passwords for multiple servers across multiple development environments is a pain. A few weeks back there was a downed service on one of my servers and I was at a computer without my passwords and hosts files. The debugging session that followed required hopping through multiple servers and in general took a lot longer than it should have.

I decided to use Dropbox and TrueCrypt to set up a secure password file that was synchronized across all of my environments. The setup for both is dirt simple. I created a 10 MB encrypted file called SAFEFILE in my Dropbox, then added a passwords.txt to it.

Then I evolved some code a friend threw my way for generating passwords. Creating a password, storing it directly in my passwords.txt file, and retrieving it are now a snap. The functions copy the password directly to the clipboard for easy pasting.

Adding my ~/.ssh, /etc/hosts, ~/.profile and a few other dotfiles to my Dropbox and symlinking them to my home directory keeps me standard across any environment I use.

Generate a random string 30 chars long for test.account:

jmooberry@local ~ : genpass 30 test.account
password added to passwords.txt as test.account
password copied to clipboard.
//  ole2iUmIGwDxtC9xVqPZiEr34ZJVwD

Grab the password for test.account:

jmooberry@local ~ : getpass test
password for (test.account) copied to clipboard.
// ole2iUmIGwDxtC9xVqPZiEr34ZJVwD

.profile helper functions:

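# password generator
# Usage: genpass 30 test.account.name
function genpass() {
  local length pass
  # default to 30 characters when no length is given
  if [ $# -eq 0 ]; then
      length=30
  else
      length=$1
  fi
  # keep only word characters from the random stream, then cut to length
  pass=$(< /dev/random strings | perl -pe 's/\W//g;' | head -c "$length")
  printf '%s' "$pass" | pbcopy
  if [ $# -eq 2 ]; then
    # report success only if the append to the mounted volume worked
    if printf '\n%s\t%s' "$2" "$pass" >> /Volumes/SAFEFILE/passwords.txt; then
      echo "password added to passwords.txt as $2"
    else
      echo "could not write to passwords.txt; is SAFEFILE mounted?" >&2
    fi
  fi
  echo "password copied to clipboard."
}

# password grabber
# Usage: getpass test.account.name
function getpass() {
  local line pass name
  # take the first matching line only; the pattern is matched anywhere on the line
  line=$(grep -m 1 -e "$1" /Volumes/SAFEFILE/passwords.txt)
  if [ -z "$line" ]; then
    echo "no entry matching '$1' in passwords.txt" >&2
    return 1
  fi
  # last word on the line is the password, everything before it is the name
  pass=$(printf '%s\n' "$line" | perl -pe 's/.+?(\w+)$/$1/;')
  name=$(printf '%s\n' "$line" | perl -pe 's/(.+?)\s+\w+$/$1/;')
  printf '%s' "$pass" | pbcopy
  echo "password for ($name) copied to clipboard."
}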

# it's important.
if [ ! -d "/Volumes/SAFEFILE" ]; then
  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
  echo "TRUECRYPT DIRECTORY NOT MOUNTED!!!"
  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
fi

Quick encrypt for your coffee shop traffic.

Monday, May 16th, 2011

Just a little function to add to your .profile that automatically turns on a SOCKS proxy and tunnels all your traffic through the server of your choice. It’s a simple setup and <CTRL>-C kills the connection and shuts off the proxy. This assumes that you have shell access to some server that you trust to run your traffic through.

I recommend setting up public key authentication for ease of use.

# warm feet
function socks() {
  networksetup -setsocksfirewallproxy AirPort localhost 9999
  ssh -ND 9999 -C username@domain
  networksetup -setsocksfirewallproxystate AirPort off
}

(One caveat: If you happen to close the window of your terminal without hitting <CTRL>-C first, it will not disable the SOCKS proxy.)
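
The caveat above can be handled with a shell trap, shown here as an added example that is not the original author's code. The function name socks_safe, its arguments and the defaults are assumptions; the networksetup and ssh options are the ones used in the post, plus OpenSSH's ExitOnForwardFailure.

```shell
# Added example, not from the original post.
# Assumptions: macOS networksetup, hypothetical name socks_safe,
# service "AirPort" and port 9999 as defaults because the post uses them.
# The function body is a subshell, so the traps never leak into the login shell.
socks_safe() (
  target=${1:?usage: socks_safe user@host [service] [port]}
  service=${2:-AirPort}
  port=${3:-9999}

  cleanup() {
    # always switch the system proxy back off
    networksetup -setsocksfirewallproxystate "$service" off
  }

  # Run cleanup whenever this subshell exits, and turn the signals sent by
  # Ctrl-C, a closed terminal window, or kill into a normal exit.
  trap cleanup EXIT
  trap 'exit 129' HUP
  trap 'exit 130' INT
  trap 'exit 143' TERM

  networksetup -setsocksfirewallproxy "$service" localhost "$port" || exit 1

  # ExitOnForwardFailure makes ssh quit if it cannot bind the local port,
  # so the proxy is not left pointing at a listener that never started.
  ssh -ND "$port" -C -o ExitOnForwardFailure=yes "$target"
)
```

A SIGKILL or a crash of the terminal cannot be trapped, so in those cases the proxy setting still has to be checked by hand.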