
Listener Configuration

mheese edited this page Mar 30, 2014 · 3 revisions

Default Settings

No special configuration is needed when you run with the default settings, which are:

  • HTTP listener to localhost on default port 19455
  • HTTPS listener deactivated

Just run it as usual!

Allowing remote access

When you want to allow remote access to your KeePass, you should think about the following things:

  • You should know EXACTLY what you are doing! You should never use the HTTP listener over the internet or any other insecure connection.
  • You probably want this feature because you are running KeePass virtualized in VirtualBox or Parallels and you want to allow access from your host system to your VM network. This can be considered "safe"; however, you probably also want to restrict the firewall rule to a minimum (only allowing connections from your host system, etc.), and you should also consider running the listener on HTTPS as well.
  • If you want to run this over a public connection, THINK TWICE! You probably don't want to do that!
  • If you still want to connect to a remote computer, consider using an SSH tunnel with TCP port forwarding first. With this option, you can keep the default settings and refer to the first section of this page (nothing special has to be done).
  • If this is not an option, you should consider running any other encrypted VPN tunnel connection to the remote computer.
  • If this is not an option either, go for HTTPS with required client certificates! (Probably not working right now)
  • If this is also not an option, you should NOT use it! You have been warned :)

If you now know what you want, go on with the configuration below.

Configuring HTTP listener for remote access

Assuming your port is set to PORT_HTTP, your listener address is set to HOST and your Windows login is USER, do the following steps:

  1. Open the Windows firewall to your listener address and port (TCP)
  2. Give your user access to bind your listener to the HOST address with the netsh command in an elevated cmd shell: netsh http add urlacl url=http://HOST:PORT_HTTP/ user=USER listen=yes
  3. Restart KeePass. If you get an error during startup which says "Access denied", you most certainly made a mistake with the netsh command.
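
Steps 1 and 2 as a script, with the firewall rule limited to a single remote address as recommended in the remote access section. This is an added example, not code from the KeePassHttp project. The addresses, user name and rule name are constructed placeholders, and New-NetFirewallRule is assumed to be available (Windows 8 / Server 2012 or later).

```powershell
# Added example (not KeePassHttp project code). Run in an elevated PowerShell session.
# All values in this block are constructed placeholders; substitute your own.
$ListenHost  = '192.168.56.101'    # HOST: address the listener binds to (inside the VM)
$PortHttp    = 19455               # PORT_HTTP: listener port
$User        = 'MYPC\alice'        # USER: Windows login that runs KeePass
$AllowedPeer = '192.168.56.1'      # the only machine allowed to connect (your host system)
$RuleName    = 'KeePassHttp listener (host system only)'   # hypothetical rule name
$Url         = "http://${ListenHost}:${PortHttp}/"

# Both changes below need administrator rights, so fail early if not elevated.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Step 1: open the firewall for TCP on HOST:PORT_HTTP, but only for one remote address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalAddress $ListenHost -LocalPort $PortHttp `
        -RemoteAddress $AllowedPeer | Out-Null
}

# Step 2: let USER bind the listener URL (same netsh command as in the steps above).
netsh http add urlacl "url=$Url" "user=$User" listen=yes
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add urlacl failed for $Url (exit code $LASTEXITCODE)."
}

# Check the result before restarting KeePass (step 3).
netsh http show urlacl "url=$Url"
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter |
    Format-List LocalAddress, RemoteAddress
```

To undo both changes, remove the rule with Remove-NetFirewallRule -DisplayName and the reservation with netsh http delete urlacl url=http://HOST:PORT_HTTP/.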

Configuring HTTPS listener for remote access

  1. Do the same steps as for the HTTP listener, but use https instead of http where necessary
  2. Create a self-signed certificate and import it into your personal Windows keystore (TODO: show these steps)
  3. Run the netsh command in an elevated cmd shell to bind the certificate to your listener. The certhash value is the thumbprint of your certificate; the appid should stay exactly as shown: netsh http add sslcert ipport=HOST:PORT_HTTPS certhash=e7865bf596c1e492d15c62795f2e25a3c0c98872 appid={5A642578-DFA7-4F75-8483-729B7C32F8E6}