Better SSH Management with Keepass and Putty
Out of the box keepass recognizes the URI ssh://
and will open it with putty. However it is limited, you can't change ports from the default port 22 nor can you save a convenient list of port forwards. Thankfully this is something you can change.
Things you will need:
Alternativly you can do an easy install with the windows package manager chocolatey
choco install putty.install keepass.install keepass-plugin-keeagent -y
URL overrides
We will now define a new ssh://
override globaly in keepass. It is possible to also do so per entry, for portability, however I do not use this feature as I run linux at home and use a separate override on that system.
- Tools -> Options
- Integration tab
- URL Overrides
- Click the add button
- Enter ssh in the Scheme field
- Enter:
cmd://putty {T-REPLACE-RX:/{S:Forwards}/\{S:Forwards\}/ /} -P {T-REPLACE-RX:/{BASE:PORT}/-1/22 /} {BASE:HOST} -l {USERNAME}
in the url override field. Note: add-pw {PASSWORD}
to the end if you wish to auto submit your password. Just be aware this could be considered slightly insecure.
The Keepass entry
- Create an entry as you normally would adding the
ssh://
URL
Note: to add a port just use ssh://example.tld:222
- If you need port forwards add then under the Advanced tab as a String Field entry in the following format:
-L 6080:127.0.0.1:6080 -L 444:10.1.1.1:444
Now when you open the url you will have your putty session with port changes and port forwards.
Breaking it down
-
cmd://putty
Opens putty via a shell command
-
{T-REPLACE-RX:/{S:Forwards}/\{S:Forwards\}/ /}
If the string field Forwards doesn't exist delete the string
{S:Forwards}
-
-P {T-REPLACE-RX:/{BASE:PORT}/-1/22 /}
The
{BASE:PORT}
placeholder returns-1
If a port is not defined. If this happens we should replace it with the default ssh port 22 -
{BASE:HOST}
The Hostname/IP address part of the URL
-
-l {USERNAME} -pw {PASSWORD}
Login with the username and (optionally) password of the entry
Comments