
Comments

  • I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    Thanked by 1noob404
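
The kind of batch fix described in the post above, as an added example that is not the poster's script: it rewrites an unencrypted Bitwarden/Vaultwarden JSON export directly instead of matching against the KeePass export. The field-name prefixes and the `encoder=steam` marker in the otpauth URI are assumptions about how the KeePass side stored the data, and the sample export is constructed.

```python
import json
from urllib.parse import urlparse, parse_qs

# Assumption: extra-URL custom fields are named like the "kpa_url" strings the
# post mentions (KeePass plugins commonly write KP2A_URL, KP2A_URL_1, ...).
URL_FIELD_PREFIXES = ("kp2a_url", "kpa_url")

# Constructed sample in the shape of an unencrypted Bitwarden JSON export.
SAMPLE_EXPORT = {
    "encrypted": False,
    "items": [
        {"type": 1, "name": "Example Shop",
         "fields": [
             {"name": "KP2A_URL_1", "value": "https://pay.shop.example", "type": 0},
             {"name": "Recovery hint", "value": "blue folder", "type": 0}],
         "login": {"uris": [{"match": None, "uri": "https://shop.example"}],
                   "username": "alice", "password": "constructed-password",
                   "totp": None}},
        {"type": 1, "name": "Steam", "fields": [],
         "login": {"uris": [{"match": None, "uri": "https://store.steampowered.com"}],
                   "username": "alice", "password": "constructed-password",
                   "totp": "otpauth://totp/Steam:alice?secret=JBSWY3DPEHPK3PXP&encoder=steam"}},
        {"type": 2, "name": "Secure note", "fields": [], "secureNote": {"type": 0}},
    ],
}


def steam_totp(value):
    """Turn an otpauth URI marked encoder=steam into Bitwarden's steam://SECRET form."""
    if not value or not value.lower().startswith("otpauth://"):
        return value
    query = parse_qs(urlparse(value).query)
    if query.get("encoder", [""])[0].lower() == "steam" and query.get("secret"):
        return "steam://" + query["secret"][0]
    return value


def fix_item(item):
    """Move extra-URL custom fields into login.uris and fix the Steam TOTP."""
    login = item.get("login")
    if item.get("type") != 1 or not login:  # type 1 is a login item
        return item
    uris = login.get("uris") or []
    seen = {u.get("uri") for u in uris}
    kept = []
    for field in item.get("fields") or []:
        name = (field.get("name") or "").lower()
        value = (field.get("value") or "").strip()
        if name.startswith(URL_FIELD_PREFIXES) and value:
            if value not in seen:  # skip duplicates of an existing URI
                uris.append({"match": None, "uri": value})
                seen.add(value)
        else:
            kept.append(field)  # every other custom field stays untouched
    login["uris"] = uris
    item["fields"] = kept
    login["totp"] = steam_totp(login.get("totp"))
    return item


def fix_export(export):
    """Fix every item of an unencrypted export in place and return it."""
    if export.get("encrypted"):
        raise ValueError("needs an unencrypted JSON export")
    export["items"] = [fix_item(i) for i in export.get("items", [])]
    return export


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], encoding="utf-8") as src:
        data = fix_export(json.load(src))
    with open(sys.argv[2], "w", encoding="utf-8") as dst:
        json.dump(data, dst, indent=2)
```

The unencrypted export holds every secret in clear text, so keep both files on an encrypted volume and delete them once the re-import is verified.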
  • I am tired of moving passwords from one manager to another. I am planning to run a server locally on a small device like the Pi or maybe a Luckfox Pico and keep it at my home with Vaultwarden installed and maybe use Tailscale to forward (if that's possible). What possible steps should I take to make sure it's safe and secure?

  • @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

  • I really like how vaultwarden lets you set up emergency access, and it still manages to do it in a way with full end to end encryption. It cleverly generates a public and private key for both the accounts. The account allowing recovery encrypts its own key using the other account's public key and gives this encrypted blob to the vaultwarden server. The server can't use the information to decrypt anything, but it maintains the encrypted blob until the other account requests access. When enough time elapses, it turns over this data to the second account, who is then able to decrypt it with their own private key.

    Thanked by 1noob404
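
The key-wrapping flow described in the post above, modelled as an added example that is not part of the original post and not Vaultwarden's code. It assumes the third-party `cryptography` package; the class names, the OAEP parameters, the 7-day wait and the grantor's cancel path are choices made for this sketch.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# OAEP parameters are this example's choice, not taken from Vaultwarden.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class Account:
    """Client side: the private key and vault key never leave this object."""

    def __init__(self, name):
        self.name = name
        self.vault_key = os.urandom(32)  # symmetric key that protects the vault
        self._private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public = self._private.public_key()

    def wrap_vault_key_for(self, contact_public):
        # Encrypt our own vault key to the emergency contact's public key.
        return contact_public.encrypt(self.vault_key, OAEP)

    def unwrap(self, blob):
        return self._private.decrypt(blob, OAEP)


class Server:
    """Holds only wrapped blobs and timers, so it cannot read any vault key."""

    def __init__(self):
        self.grants = {}

    def store_grant(self, grantor, contact, blob, wait_seconds):
        self.grants[(grantor, contact)] = {
            "blob": blob, "wait": wait_seconds, "requested_at": None}

    def request_access(self, grantor, contact, now):
        self.grants[(grantor, contact)]["requested_at"] = now

    def reject(self, grantor, contact):
        # Added for this sketch: the grantor cancels a pending request.
        self.grants[(grantor, contact)]["requested_at"] = None

    def release(self, grantor, contact, now):
        grant = self.grants[(grantor, contact)]
        started = grant["requested_at"]
        if started is None or now - started < grant["wait"]:
            raise PermissionError("waiting period has not elapsed")
        return grant["blob"]


def run_demo():
    """Walk through grant, early request, release and decryption."""
    alice, bob, outsider = Account("alice"), Account("bob"), Account("outsider")
    server, day = Server(), 86400
    server.store_grant("alice", "bob", alice.wrap_vault_key_for(bob.public), 7 * day)

    server.request_access("alice", "bob", now=0)
    try:
        server.release("alice", "bob", now=3 * day)
        early = "released"
    except PermissionError:
        early = "denied"

    blob = server.release("alice", "bob", now=7 * day)
    try:
        outsider.unwrap(blob)  # any key other than Bob's private key fails
        third_party = "decrypted"
    except ValueError:
        third_party = "failed"

    return {"early": early, "third_party": third_party,
            "recovered": bob.unwrap(blob) == alice.vault_key,
            "blob_is_not_key": blob != alice.vault_key}
```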
  • Hello, I would like to double my bandwidth.
    Order Number: 3043254651
    Thanks!

  • @noob404 said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I have always wanted to, but, do Bitwarden and Vaultwarden serve the same purpose?

    Yes, but Vaultwarden is self-hosted.

    Thanked by 1noob404
  • @noob404 said:

    @schrauger said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I just started using it in the past month. I've been using KeePass for over a decade, but I wanted to have multiple databases with sharing and with account recovery features for family. So I set up vaultwarden in proxmox and migrated everything over.

    Hey, any specific tips for hardening security on a server running Vaultwarden? Or, does Vaultwarden by itself cover every security aspect by default?

    Vaultwarden should be secure enough on its own. After you install it and set it up, you'll want to disable account creation.

    I use nginx as my ssl termination and proxy requests to the vaultwarden web server, so my connection is encrypted. I trust vaultwarden to be secure in that respect, and other ports are not forwarded, though I don't think it listens on any other ports anyway.

  • @schrauger said:
    I really like how vaultwarden lets you set up emergency access, and it still manages to do it in a way with full end to end encryption. It cleverly generates a public and private key for both the accounts. The account allowing recovery encrypts its own key using the other account's public key and gives this encrypted blob to the vaultwarden server. The server can't use the information to decrypt anything, but it maintains the encrypted blob until the other account requests access. When enough time elapses, it turns over this data to the second account, who is then able to decrypt it with their own private key.

    That's awesome, man. And, I thank you kindly for your detailed explanation.

  • @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

  • @Neat321 said:

    @noob404 said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I have always wanted to, but, do Bitwarden and Vaultwarden serve the same purpose?

    Yes, but Vaultwarden is self-hosted.

    Oh, I didn't know that. Thank you.

  • @schrauger said:

    @noob404 said:

    @schrauger said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I just started using it in the past month. I've been using KeePass for over a decade, but I wanted to have multiple databases with sharing and with account recovery features for family. So I set up vaultwarden in proxmox and migrated everything over.

    Hey, any specific tips for hardening security on a server running Vaultwarden? Or, does Vaultwarden by itself cover every security aspect by default?

    Vaultwarden should be secure enough on its own. After you install it and set it up, you'll want to disable account creation.

    I use nginx as my ssl termination and proxy requests to the vaultwarden web server, so my connection is encrypted. I trust vaultwarden to be secure in that respect, and other ports are not forwarded, though I don't think it listens on any other ports anyway.

    Makes sense. I have been planning to move to something locally hosted for quite some time now, because the best services out there are prone to attacks. I plan to host Vaultwarden locally and forward through Tailscale cause my ISP doesn't allow port forwarding. Would that be the recommended approach?

  • @Neat321 said:

    @noob404 said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I have always wanted to, but, do Bitwarden and Vaultwarden serve the same purpose?

    Yes, but Vaultwarden is self-hosted.

    Bitwarden also has a self-hosted option, but you still have to pay a licence fee. We did that at my last job, and I helped manage the server, upgrading it and handling encrypted backups to an external drive.

    Vaultwarden is really nice for a self hosted option that is fully compatible with bitwarden clients, and it doesn't cost anything to run.

    Thanked by 1Neat321
  • @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

  • @schrauger said:

    @Neat321 said:

    @noob404 said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I have always wanted to, but, do Bitwarden and Vaultwarden serve the same purpose?

    Yes, but Vaultwarden is self-hosted.

    Bitwarden also has a self-hosted option, but you still have to pay a licence fee. We did that at my last job, and I helped manage the server, upgrading it and handling encrypted backups to an external drive.

    Vaultwarden is really nice for a self hosted option that is fully compatible with bitwarden clients, and it doesn't cost anything to run.

    So, Vaultwarden it is then. Gotta look into setting it up asap. BTW, does this work on a low-end device? Am I foolish to think this would run on a Luckfox Pico?

  • @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I just started using it in the past month. I've been using KeePass for over a decade, but I wanted to have multiple databases with sharing and with account recovery features for family. So I set up vaultwarden in proxmox and migrated everything over.

    Hey, any specific tips for hardening security on a server running Vaultwarden? Or, does Vaultwarden by itself cover every security aspect by default?

    Vaultwarden should be secure enough on its own. After you install it and set it up, you'll want to disable account creation.

    I use nginx as my ssl termination and proxy requests to the vaultwarden web server, so my connection is encrypted. I trust vaultwarden to be secure in that respect, and other ports are not forwarded, though I don't think it listens on any other ports anyway.

    Makes sense. I have been planning to move to something locally hosted for quite some time now, because the best services out there are prone to attacks. I plan to host Vaultwarden locally and forward through Tailscale cause my ISP doesn't allow port forwarding. Would that be the recommended approach?

    Yeah, that seems like a good approach. I'm more comfortable handling automated attacks, since I've been hardening servers for a fair amount of time. So I generally keep things running in their own virtual servers but have them available through an https proxy, without needing a VPN to connect.

    Thanked by 1noob404
  • @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

    I just do port forwarding. And only for the web services. My router only forwards 443 traffic to my main nginx proxy, and that then proxies the traffic to the various internal servers and ports.

  • @schrauger said:

    @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:

    @Neat321 said:
    Does anyone here use Vaultwarden?

    I just started using it in the past month. I've been using KeePass for over a decade, but I wanted to have multiple databases with sharing and with account recovery features for family. So I set up vaultwarden in proxmox and migrated everything over.

    Hey, any specific tips for hardening security on a server running Vaultwarden? Or, does Vaultwarden by itself cover every security aspect by default?

    Vaultwarden should be secure enough on its own. After you install it and set it up, you'll want to disable account creation.

    I use nginx as my ssl termination and proxy requests to the vaultwarden web server, so my connection is encrypted. I trust vaultwarden to be secure in that respect, and other ports are not forwarded, though I don't think it listens on any other ports anyway.

    Makes sense. I have been planning to move to something locally hosted for quite some time now, because the best services out there are prone to attacks. I plan to host Vaultwarden locally and forward through Tailscale cause my ISP doesn't allow port forwarding. Would that be the recommended approach?

    Yeah, that seems like a good approach. I'm more comfortable handling automated attacks, since I've been hardening servers for a fair amount of time. So I generally keep things running in their own virtual servers but have them available through an https proxy, without needing a VPN to connect.

    Thanks for that tip. I guess, I am gonna just set it up first, learn the ropes, see if I get any attacks, learn to deal with them and only then start saving my critical passwords there.

  • @schrauger said:

    @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

    I just do port forwarding. And only for the web services. My router only forwards 443 traffic to my main nginx proxy, and that then proxies the traffic to the various internal servers and ports.

    With the exception of some gaming related port forwards, so I can host steam and other game servers for myself and a few friends.

  • @schrauger said:

    @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

    I just do port forwarding. And only for the web services. My router only forwards 443 traffic to my main nginx proxy, and that then proxies the traffic to the various internal servers and ports.

    Oh, ok, I now have an idea of the approach to take, even though, I am still a beginner. I thank you for all these tips from the bottom of my heart.

  • I am gonna be back in few, guys. Keep the convo going.

  • Requesting double bandwidth. Order number: 1316754855

  • Order Number 7854077825. Requesting double bandwidth.

  • @schrauger said:

    @schrauger said:

    @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

    I just do port forwarding. And only for the web services. My router only forwards 443 traffic to my main nginx proxy, and that then proxies the traffic to the various internal servers and ports.

    With the exception of some gaming related port forwards, so I can host steam and other game servers for myself and a few friends.

    Can you explain what you mean by Steam servers? I am intrigued.

  • @noob404 said:
    Haven't seen @BasToTheMax or @DaDeveloper for quite some time now. Sup, guys?

    Been busy, but may hop on after church tomorrow if I don't go to play MTG

  • Hello, I would like to double my bandwidth.
    Invoice #19193231
    Thanks!

  • @noob404 said:

    @schrauger said:

    @schrauger said:

    @noob404 said:

    @schrauger said:

    @noob404 said:

    @schrauger said:
    I hit a few snags and found a couple things lacking.

    Bitwarden can import KeePass exports, but there are some things it doesn't import quite right. First, the kpa_url fields that KeePass uses to notate multiple urls that the entry can match aren't imported correctly. Bitwarden uses an array for the urls, and it just imports those kpa strings as extra fields.

    Also, it doesn't import the steam 2fa totp correctly. Bitwarden is able to generate steam codes (which is its own slightly modified totp), but I had to fix it on import.

    For both of those, I wrote a quick script to batch modify all my entries. I exported the new vaultwarden vault, then used some matching with that export and the KeePass export to modify the bitwarden export for url matching and the steam totp. Then I wiped my vault and imported the changed file I made.

    BTW, all of this is on a remote server or local?

    A local proxmox server. I've moved away from hosting a lot of things remotely, mainly because I built a semi powerful consumer pc for proxmox (64gb ram, 5950x cpu (16core/32thread)).

    I still host my email server remotely, for deliverability and because that ip address is static. My home is dynamic, and I just auto update cloudflare dns via my opnsense router.

    Oh wow. Hope to have such a setup someday. BTW, do you simply forward the port or use a solution like Tailscale or Wireguard?

    I just do port forwarding. And only for the web services. My router only forwards 443 traffic to my main nginx proxy, and that then proxies the traffic to the various internal servers and ports.

    With the exception of some gaming related port forwards, so I can host steam and other game servers for myself and a few friends.

    Can you explain what you mean by Steam servers? I am intrigued.

    Self hosting games like factorio, 7 days to die, and a few others. There are some specific ports you need to forward for your game to show up in your steam friend accounts, from what I recall. Or at least, those are games I own on steam that require specific port forwards to show up in the game's own lobby

  • My Luckfox Pico has 128MB DDR3L RAM. Wonder if it can run Vaultwarden for just me and a few 200-300 passwords of mine.

  • @DaDeveloper said:

    @noob404 said:
    Haven't seen @BasToTheMax or @DaDeveloper for quite some time now. Sup, guys?

    Been busy, but may hop on after church tomorrow if I don't go to play MTG

    You were missed. BTW, no giveaways yet. SO, you are safe there.

  • Hello, I would like to double my bandwidth.
    Invoice #19194408
    Thank you
