Forum / Remote Desktop Manager - Feature Request

Keepass detect multiple files


Hi there,

Currently I'm using the Keepass plugin and it works great! Every time I open an entry, the Keepass window will pop up and prompt me to select a credential to use for logging onto a server.

The problem is, I have multiple Keepass files that are separated into different tiers (privilege access). It seems that Devolutions RDM can only detect the current ACTIVE Keepass file that is being viewed. Is it possible to adjust this so that it detects all OPENED Keepass files and is able to fetch credentials from either of them?

Always using the latest beta RDM version.
Local data source.

Clock3 yrs

Hi Ricky,
I will verify if it's possible to do it.

Regards

David Hervieux


Clock3 yrs

Hi, just checking if there's any update on this?

Always using the latest beta RDM version.
Local data source.

Clock3 yrs

It's still on our todo list but no change for now.

Regards

David Hervieux


Clock3 yrs

Hello,

I wanted to let you know we are working on this and will have something along those lines for RDM 12. You will be able to specify multiple databases in the keepass entry by separating the paths with a semicolon. This will allow keepass to go search in the two databases for your credentials.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

V12 just got released. In the changelog, it mentioned this:
"Fixed a possible issue with KeePass"

I'm assuming that was referring to my request in this thread? However, the behaviour hasn't changed. I do not see any new options under settings either, nor is there an update to the Keepass plugin. Just wondering if this has been implemented or is this yet to come?

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello Ricky,

If you enter multiple paths separated by semi-colons, the entry will look into the databases specified by the paths. It is currently not possible to retrieve all the credentials from the currently opened databases.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

Where do I enter "multiple paths"? All I know is that I need to install the Keepass plugin in RDM. Then when I set an RDP entry to use Keepass Embedded credentials, it will open Keepass with the current database I'm looking at.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello,

In your Keepass entry, you would need to check the "Set database path manually" option and enter the 2 paths separated by a semicolon.

The path will look like the following: C:\Users\jeffdagenais\Documents\KeePassDatabase.kdbx;C:\Users\jeffdagenais\Documents\NewDatabase2.kdbx

Best regards,



Jeff Dagenais

Clock2 yrs

Sorry for reviving this old thread, but the suggestion doesn't work.

- If you have 2 Keepass files stored on a local drive, both will be referenced.
- If you have one Keepass database on a UNC path, it will load OK.
- If you have 2 Keepass databases on a UNC path, only one of them is referenced.

Update:

Nvm I've got it working via a workaround. Both my Keepass files are stored on a UNC path (they are shared by co-workers and everyone updates to the same files). Just need to make sure the default session template for RDP points to one of the files in UNC, then open the other Keepass file as you would normally and voila.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello Ricky,

This is strange, I've tested just now in RDM 12.5.3.0 with two UNC paths and it works properly. The paths I had were the following:

\\nas\Public\Hub\db1.kdbx;\\nas\Public\Hub\db2.kdbx

RDM properly opened both databases in KeePass and listed their entries in the resulting window.

It's good you've found a workaround, though we would like to fix this issue so the feature is easier for everyone to use. Could you share with us the string you're using in the "database" field so we can try to reproduce the issue on our end? Any additional information would be helpful.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

That's the exact same setup I've tried. However, when I tested it I was still on v12.5.1. Haven't tried it again on 12.5.3, as my workaround is still working.

My path looked like this:

\\domain.co.nz\blah$\db1.kdbx;\\domain.co.nz\blah$\tier2\db2.kdbx


Right now, my workaround looks like this:
\\domain.co.nz\blah$\tier2\db2.kdbx

And for db1.kdbx, I've set it to open on startup. As long as both kdbx files are opened in Keepass, somehow Devolutions will recognize both (despite there only being one kdbx referenced in the path).

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Ricky,

I've noticed that in your path you use the "$" symbol. I'm wondering if RDM recognises those as a variable and this is why it doesn't work when you specify both paths. Do you think it's possible? If the value between the "$" is something like $NAME$ or $IP$ or anything RDM would recognise, this might cause issues.
Otherwise, I've been unable to reproduce the issue on our end. I'm glad at least the workaround can work in your case for now.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

Yes that is what I thought too. When you have a $ in the share name, it makes it a hidden share. I haven't tried testing the paths using a normal share (as I don't want to break what I've already got working). There are no values between 2x "$" signs. It's just something like:

\\domain.co.nz\data$\db1.kdbx

We have seen that for some 3rd party apps that reference hidden share paths or namespaces that use the $ sign, the apps will break and fail to work.

Having said that, I don't think the $ sign is the issue. As mentioned earlier, if I insert a single KDBX path (e.g. \\domain.co.nz\data$\db1.kdbx), it works. It just doesn't work when you have 2 paths.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs
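The two posts above discuss whether "$" in a hidden-share UNC path could be read as a variable delimiter. The following is an added example, not RDM code and not written by either poster: it splits a semicolon-separated database field and lists any "$...$" span a variable expander might see in the whole value. How RDM actually expands variables is not stated in the thread, so both regex patterns and the function name are assumptions.

```python
import re

# Assumption: a "naive" expander treats any text between two '$' as a variable;
# a "strict" one accepts only identifier-like names such as $NAME$ or $IP$.
NAIVE_VAR = re.compile(r"\$[^$]+\$")
STRICT_VAR = re.compile(r"\$[A-Z][A-Z0-9_]*\$")
UNC = re.compile(r"^\\\\(?P<host>[^\\]+)\\(?P<share>[^\\]+)\\(?P<rest>.+)$")


def check_database_field(field):
    """Split a 'path1;path2' value and report what a parser could trip on."""
    entries = []
    for raw in field.split(";"):
        path = raw.strip()
        if not path:
            continue  # tolerate a trailing or doubled semicolon
        m = UNC.match(path)
        entries.append({
            "path": path,
            "unc": bool(m),
            "hidden_share": bool(m) and m.group("share").endswith("$"),
            "kdbx": path.lower().endswith(".kdbx"),
        })
    return {
        "entries": entries,
        # Spans in the WHOLE field that each expander style would treat as a variable.
        "naive_variable_spans": NAIVE_VAR.findall(field),
        "strict_variable_spans": STRICT_VAR.findall(field),
    }


# Values quoted in the thread.
SINGLE = r"\\domain.co.nz\data$\db1.kdbx"
DOUBLE = r"\\domain.co.nz\blah$\db1.kdbx;\\domain.co.nz\blah$\tier2\db2.kdbx"
LOCAL = (r"C:\Users\jeffdagenais\Documents\KeePassDatabase.kdbx;"
         r"C:\Users\jeffdagenais\Documents\NewDatabase2.kdbx")

if __name__ == "__main__":
    for name, value in (("single", SINGLE), ("double", DOUBLE), ("local", LOCAL)):
        report = check_database_field(value)
        print(name, len(report["entries"]), "paths;",
              "naive spans:", report["naive_variable_spans"])
```

A single hidden-share path contains one "$" and yields no span; joining two such paths puts a second "$" in the field, so the naive pattern matches across the semicolon while the strict one still matches nothing.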

Hi Hubert,

I've updated to the latest version and have tried setting the KDBX files without using my workaround, i.e. set up like this:

\\domain.co.nz\blah$\db1.kdbx;\\domain.co.nz\blah$\tier2\db2.kdbx

It's working fine. I've checked with a colleague and it's working for him as well. Not sure if this was fixed in the latest RDM but it's working all good now.


EDIT:

I have a new issue. I've set my default RDP session to load both Keepass entries. If I connect to any server via Quick Connect, it'll trigger the Keepass credential prompt. If the server I'm connecting to does not have an associated entry in Keepass, I'll normally just close the Keepass prompt and RDM will trigger the standard RDP credential prompt for me to type in the creds. The issue I'm experiencing now is that if I close the Keepass prompt, I don't get the normal RDP prompt after that. This used to work but has stopped working since the last 2 versions.

I've tested a fresh installation of RDM on a fresh VM and experienced the same issue.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello Ricky,

We did change a few things but it shouldn't have had any effect on the UNC path issue. Still, I'm happy to hear it's now working as expected.

As for the second thing, this is the new behavior, we have been meaning to change it for a long time but it required reworking things at a pretty deep level so we had been putting it off. I understand that this might be bothersome since you were using this behavior to your advantage. I discussed with David and we'll be adding an option specifically to KeePass entries to revert them to the old behavior. This will be located in File > Options > Types > Credentials, in the KeePass section. Mind that options located there are only applied to the local RDM's configuration, so if you have other users who want to have the previous behavior, they would also have to change their options accordingly.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

Your support is just fantastic. The new version has introduced an option to revert to the old behaviour and I've got it back and working again.

Not sure if I should request this under a new topic as this is probably a new feature request, but just wondering would it be possible to change the load order behaviour? Currently it loads Keepass prompt, then the default credential prompt. I want to swap the order around.

Every time Quick Connect loads Keepass, it takes a while to think about it (especially if you have a large Keepass database and you're loading multiple of them). Secondly, half the time I use Quick Connect, I would just type in my Domain Admin credentials. So basically, I use Keepass for Quick Connect 50/50 of the time. For performance and ease of use, it would make sense to load the default credential prompt first (it's quick to load), if I need Keepass to kick in then I could just close the default credential prompt and let Keepass prompt me to select an entry.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hi,
Hubert is currently on vacation but he is the best person to answer you. I will ask him to check that as soon as he gets back.

Regards

David Hervieux


Clock2 yrs

Hello Ricky,

Sorry about the delay. Could you elaborate on what you mean by the "default credentials" prompt (maybe take a screenshot)?

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

I meant this:

image


Can we switch the order in which a Keepass prompt and default RDP prompt loads?

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Ricky,

Unfortunately this pop up isn't managed by us. This is RDP's own credential pop up which shows up if you were unable to connect to the remote machine. We currently don't have any way to reverse the order of the two prompts due to how RDM functions. We'll keep this on our todo list but I can't give a time frame for a solution.

As a workaround I suppose you could make a second RDP template. The first template which you currently use would have KeePass credentials, while the new one would have "none" credentials. This should allow the RDP prompt to open each time you can't connect to the machine without ever loading KeePass.

Regards,

Hubert Mireault


Clock2 yrs

Hi Hubert,

"This is RDP's own credential pop up which shows up if you were unable to connect to the remote machine"

I don't think that's true. If you run mstsc and RDP to a server, that's the popup you get. If you're not using any RDM template, then by default that's the popup you'll see when you connect to a server. So it isn't necessarily a popup that you get if you're unable to connect to a machine, but rather it's just the default Windows RDP popup upon connection to a machine.

Regarding the workaround, I don't think that will help, or perhaps I don't understand what you mean... I think it'll be easier if I list the following scenarios:

Scenario 1:
- RDP to VMexample01 (workgroup server).
- Keepass prompt pops up and I select the entry Vmexample01.
- RDM logs me in using the credentials saved in Keepass.
- Done.

Scenario 2:
- RDP to VMexample02 (domain-joined server)
- Keepass prompt pops up but I want to login using my Domain Admin account. Close Keepass prompt.
- Default Windows RDP prompt pops up, I type in domain\user_account.
- Done.

The problem here is that 50% of the time, I'm logged into a domain joined server and I don't want to close the Keepass prompt every time just so I can type in my domain credential. The other 50% is when I'm logged into a server where my domain credential won't work, so Keepass prompt will be useful in those instances.

You might ask me, for servers that require my domain credentials, why not just save the connection entries and use my domain credential as the default? Well, I don't login to the same servers every time, it's always different. Sometimes it's faster to just type in the server name in Quick Connect.

In terms of speed, the default Windows RDP prompt will pop up a lot faster than Keepass, as Keepass will need to load the database (in my case 2 databases) so it'll lag a bit. If the order in which the prompts pop up can be switched around, that will be so much better.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello Ricky,

Sorry about the misunderstanding. The prompt is indeed the same one that opens when you connect with MSTSC to a remote host, but what I mean is it isn't directly handled by us, the Microsoft RDP ActiveX is the one that prompts it if we don't send any credentials to it (which happens when you cancel the Keepass prompt).

I discussed with David and we have an idea for what we could do to handle this use-case better. It will help by only loading the keepass databases if you choose to and allow you to specify credentials right away if you'd rather enter them manually. I don't have an estimated time for the feature at the moment though, but I'll keep this thread updated.

Regards,

Hubert Mireault


Clock2 yrs

Thanks for the response.

I've tried your suggestion of using a different template and just load one before the other. However, there is only one template for "Session", so I don't think using templates as a workaround will work.

Looking forward to how this gets implemented, keep up the good work team!

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hi Team!

Just checking if there are any updates on this?

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Hello Ricky,

This is still on our list. I'm confident we'll be able to squeeze this in for RDM 13 but it will hopefully be sooner than that.

Regards,

Hubert Mireault


Clock2 yrs

Good news, the change has been made internally which means it should be available in the next minor RDM update, and for sure in RDM 13. You'll be able to enable it in File > Options > Types > Credentials, then checking the "allow custom credentials in list prompt" checkbox.

When you have the "always prompt with list" setting and you open the connection, you'll have the following:

It won't load the entries if you don't click on the "credentials" tab, which should work for your use case. When the newest version is out, can you test it and tell us if it works like you expected? Thank you :)

Regards,

Hubert Mireault

Clock2 yrs

I wanted to let you know we'll add it to the next beta, the change isn't in 12.6.7.0. The new beta should come out in around a week.

Regards,

Hubert Mireault


Clock2 yrs

Just FYI, the fix you guys have implemented is working great for me. Thanks.

Always using the latest beta RDM version.
Local data source.

Clock2 yrs

Thank you for getting back to us! I'm glad to hear it works.

Regards,

Hubert Mireault


Clock2 yrs