Differences
This shows you the differences between the selected revisions of the page.
2017-02-02 | 2017-10-09 | ||
security_considerations anchor (martin) | HTTPS for keepass.info (martin) | ||
Line 1: | Line 1: | ||
====== Integration with KeePass ====== | ====== Integration with KeePass ====== | ||
- | If you use [[http://keepass.info/|KeePass]] password manager, you may use it as a site manager for WinSCP. | + | If you use [[https://keepass.info/|KeePass]] password manager, you may use it as a site manager for WinSCP. |
Note, that we recommend to manage your sites directly on WinSCP [[ui_login|Login window]] and use a [[master_password|master password]] to protect them (read [[#security_considerations|Security Considerations]] below). | Note, that we recommend to manage your sites directly on WinSCP [[ui_login|Login window]] and use a [[master_password|master password]] to protect them (read [[#security_considerations|Security Considerations]] below). | ||
Line 8: | Line 8: | ||
===== Defining Site ===== | ===== Defining Site ===== | ||
- | Each KeePass password entry has a //[[http://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //User name// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. | + | Each KeePass password entry has a //[[https://keepass.info/help/base/autourl.html|URL]]// field, in addition to //Password// and //User name// fields. You can use the //%%URL%%// field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: ''%%sftp://example.com/%%''. |
&screenshotpict(keepass_entry) | &screenshotpict(keepass_entry) | ||
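Review bot: The example that closes the changed URL-field line, sftp://example.com/, carries no port, although the same sentence says a port number can be stored when a non-standard port is used. Consider adding a second example with an explicit port (for instance sftp://example.com:2222/, a made-up value), so readers see both forms the field can take. The same line would also read better with an article: "when using a non-standard port".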
Line 14: | Line 14: | ||
===== Defining URL Overrides ===== | ===== Defining URL Overrides ===== | ||
- | To make the URLs in password entries working, define a [[http://keepass.info/help/base/autourl.html#override|URL override rule]] in KeePass Options. | + | To make the URLs in password entries working, define a [[https://keepass.info/help/base/autourl.html#override|URL override rule]] in KeePass Options. |
- | In KeePass 2.x ((See [[http://keepass.info/help/base/autourl.html#override|KeePass documentation]] for instructions for KeePass 1.x)) main window go to menu //Tools > Options//. Go to //Integration// tab and press //%%URL%% Overrides// button. On %%URL%% Overrides window press //Add// button. | + | In KeePass 2.x ((See [[https://keepass.info/help/base/autourl.html#override|KeePass documentation]] for instructions for KeePass 1.x)) main window go to menu //Tools > Options//. Go to //Integration// tab and press //%%URL%% Overrides// button. On %%URL%% Overrides window press //Add// button. |
On %%URL%% Override window, to //Scheme// field, enter protocol you want to handle with WinSCP, e.g. ''sftp'' or ''ftp''. In //%%URL%% Override// field, enter: | On %%URL%% Override window, to //Scheme// field, enter protocol you want to handle with WinSCP, e.g. ''sftp'' or ''ftp''. In //%%URL%% Override// field, enter: | ||
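Review bot: On the two changed lines in this hunk, the inline link and the footnote both point to autourl.html#override, so the footnote sends KeePass 1.x readers to the page they were given one sentence earlier. Either keep the footnote as plain text without a second link, or say in the first sentence that the linked page covers both versions. While the first line is being touched, "To make the URLs in password entries working" reads better as "To make the URLs in password entries work".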
Line 26: | Line 26: | ||
The ''%%{T-REPLACE-RX:/{BASE:PORT}/-1//}%%'' is a workaround for KeePass resolving the ''{BASE:PORT}'' placeholder to ''-1'', when a password entry //%%URL%%// field does not specify the port explicitly and KeePass does not know the protocol (such as ''sftp'') to substitute a standard port. | The ''%%{T-REPLACE-RX:/{BASE:PORT}/-1//}%%'' is a workaround for KeePass resolving the ''{BASE:PORT}'' placeholder to ''-1'', when a password entry //%%URL%%// field does not specify the port explicitly and KeePass does not know the protocol (such as ''sftp'') to substitute a standard port. | ||
- | See KeePass documentation for [[http://keepass.info/help/base/placeholders.html|placeholders]]. | + | See KeePass documentation for [[https://keepass.info/help/base/placeholders.html|placeholders]]. |
Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | Repeat override definition for each protocol you want to use with WinSCP (''sftp'', ''ftp'', ''ftps'', ''ftpes'', ''scp'', ''http'', ''https''). If you want to use [[webdav|WebDAV]] sessions, but you want to keep ''http'' protocol reserved for a web browser, you can use [[integration_url#winscp|WinSCP-specific protocol]] ''winscp-http''. | ||
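Review bot: The protocol list on the "Repeat override definition" line gives ftp and http the same standing as sftp, ftps, ftpes, scp and https, with no mention that those two are unencrypted. The override described on this page includes the {PASSWORD} placeholder, so a password kept in a KeePass entry with an ftp:// or http:// URL is sent to the server in the clear. A short caveat on that line, recommending the TLS or SSH variants where the server offers them, would fit a revision whose purpose is moving links to HTTPS.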
Line 38: | Line 38: | ||
Alternative solution is to use KeePass to manage host name and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). | Alternative solution is to use KeePass to manage host name and username information only and use private key authentication using [[ui_pageant|Pageant]], instead of password. To implement this, remove a reference to password from //%%URL%% Override// field (''%%:{PASSWORD}%%''). | ||
- | For more direct integration with KeePass, see the KeePass plugin [[http://keepass.info/plugins.html#keeagent|KeeAgent]]. | + | For more direct integration with KeePass, see the KeePass plugin [[https://keepass.info/plugins.html#keeagent|KeeAgent]]. |
For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. | For best security, it is good practice to limit how many processes you trust to securely handle your sensitive data. For this reason, we recommend you manage your sites on WinSCP [[ui_login|Login window]] and use a strong WinSCP [[master_password|master password]] to protect them. |
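Review bot: The "Alternative solution" line tells the reader to remove :{PASSWORD} from the URL Override field without saying which overrides this applies to, although the page asks for one override per protocol. Pageant is an SSH agent, so key authentication through it covers only the SSH-based schemes (sftp, scp); it does nothing for the ftp, ftps, ftpes, http or https overrides. Suggest wording along the lines of "for the sftp and scp overrides, remove the reference to password", and leaving the other overrides as they are.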