TranslateProject/sources/tech/20220119 Manage your passwords in the Linux terminal.md
2022-04-11 23:11:43 +08:00


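Manage your passwords in the Linux terminal

Pass is a classic UNIX-style password management system that uses GnuPG (GPG) for encryption, with the terminal as its primary interface.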


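These days, we have passwords by the dozens. Fortunately, most of those passwords are for websites, you access many websites through your internet browser, and many browsers have a built-in password manager. The most common internet browsers also have a synchronization feature to help you distribute your passwords between the browsers running on all your devices, so you're never without your login information when you need it. If that's not enough for you, there are excellent open source projects like BitWarden that can host your encrypted passwords, ensuring that only you can unlock them. These solutions make it easy to maintain unique passwords, using these convenient systems for a selection of passwords. But my main vault of password storage is much simpler than any of these methods. I primarily use pass, a classic UNIX-style password management system that uses GnuPG (GPG) for encryption, with the terminal as its primary interface.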

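Install pass

You can install the pass command from your distribution's repository.

On Fedora, Mageia, and similar distributions, you can install it with your package manager: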

`$ sudo dnf install pass`

On Elementary, Mint, and other Debian-based distributions:

`$ sudo apt install pass`

On macOS, you can install it using Homebrew:

`$ brew install pass`

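Set up GnuPG

Before using pass, you need a valid PGP ("Pretty Good Privacy") key. If you already maintain a PGP key, you can skip this step, or you can choose to create a new key just for use with pass. The most popular open source PGP implementation is GnuPG (GPG), which ships with Linux, and you can install it on macOS from gpgtools.org, Homebrew, or Macports. To create a GnuPG key, run this command: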

`$ gpg --generate-key`

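You're prompted for your name and email address and to create a passphrase for the key. Your key is a digital file, and your passphrase is known only to you. Combined, the two can encrypt and decrypt information, such as a file containing a password.

A GPG key is much like a house key or a car key: if you lose it, anything it encrypted can no longer be recovered. Knowing your passphrase alone is not enough.

If you already manage several SSH keys, you probably know how this works. If you're new to digital encryption keys, it may take some time to get used to them. Back up your ~/.gnupg directory, so you don't accidentally erase it the next time you decide on a whim to try a new distribution.

Make a backup, and keep the backup safe.

Set up pass

To start using pass, you must initialize a password store, defined as a designated storage location configured to use a specific encryption key. You can indicate the GPG key you want to use for the password store by either the name associated with the key or its digital fingerprint. Your own name is usually the easier choice: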



```
$ pass init seth
mkdir: created directory '/home/seth/.password-store/'
Password store initialized for seth
```

If you've forgotten your name, you can use the gpg command to view the digital fingerprint and the name associated with your key:



```
$ gpg --list-keys
/home/seth/.gnupg/pubring.kbx
-----------------------------
pub  ed25519 2022-01-06 [SC] [expires: 2024-01-06]
     2BFF94286461216C907CBA52F067996F13EF10D8
uid  [ultimate] Seth Kenlon <seth@example.com>
sub  cv25519 2022-01-06 [E] [expires: 2024-01-06]
```

Initializing a password store with the digital fingerprint is basically the same as using your name:

`$ pass init 2BFF94286461216C907CBA52F067996F13EF10D8`

Store a password

Use the pass add command to add a password to your password store:



```
$ pass add www.example.com
Enter password for www.example.com:
```

You're prompted to type the password you want to add.

The password is now stored in your password store. You can see it for yourself:



```
$ ls /root/.password-store/
www.example.com.gpg
```

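Of course, the file is unreadable, and if you try to run cat or less on it, you'll see garbled characters in your terminal (if the display gets too messy, use the reset command to restore your terminal).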
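The listing above shows that only file contents are encrypted: the entry name (`www.example.com`) stays readable to anyone who can list the directory. As an added example that is not part of the original article, this POSIX shell function audits a store for access beyond the owner and for a recipient recorded as a name rather than a full fingerprint. `audit_store` is a hypothetical helper name; `.gpg-id` is the file in which pass records the key given to `pass init`.

```shell
#!/bin/sh
# Added example (not from the article): audit a pass store directory.
# audit_store is a hypothetical helper name.

# audit_store DIR: print findings; return the number of problems found.
audit_store() {
    as_dir=$1
    as_bad=0

    # 1. pass creates the store for the owner only; flag any file or
    #    directory that group or others can read, write or traverse.
    as_loose=$(find "$as_dir" ! -type l \( -perm -040 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$as_loose" ]; then
        echo "PERMS: accessible beyond the owner:"
        echo "$as_loose" | sed 's/^/  /'
        as_bad=$((as_bad + 1))
    fi

    # 2. .gpg-id records what was passed to `pass init`. A name such as
    #    "seth" can match more than one key in a keyring; a 40-hex-digit
    #    fingerprint identifies exactly one.
    if [ ! -f "$as_dir/.gpg-id" ]; then
        echo "GPGID: $as_dir/.gpg-id is missing (store not initialized?)"
        as_bad=$((as_bad + 1))
    elif grep -v '^$' "$as_dir/.gpg-id" |
            grep -Evq '^[0-9A-Fa-f]{40}$'; then
        echo "GPGID: recipient is not a full fingerprint:"
        sed 's/^/  /' "$as_dir/.gpg-id"
        as_bad=$((as_bad + 1))
    fi

    # 3. Informational: only file contents are encrypted. Entry names
    #    (here, site names) are readable by anyone who can list the store.
    echo "NAMES: visible without the key:"
    (cd "$as_dir" && find . -type f -name '*.gpg' -print |
        sed 's|^\./|  |; s|\.gpg$||')

    return "$as_bad"
}

# Usage: audit_store "${PASSWORD_STORE_DIR:-$HOME/.password-store}"
```

A return status of 0 means no problems were found; the NAMES section is always printed so you can judge what the entry names alone reveal.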

Edit a password with pass

I use different user names for different activities online, so the username for a site is often just as important as the password. The pass system allows for this, even though it doesn't prompt you for it by default. You can add a user name to a password file using the pass edit command:

`$ pass edit www.example.com`

This opens a text editor (specifically the editor you have set as your EDITOR or VISUAL environment variable) displaying the contents of the www.example.com file. Currently, that's just a password, but you can add a user name and even another URL or any information you want. It's an encrypted file, so you're free to keep what you want in it.



```
bd%dc$3a49af49498bb6f31bc964718C
user: seth123
url: example.com
```

Save the file and close it.

Get a password from pass

To see the contents of a password file, use the pass show command:



```
$ pass show www.example.com
bd%dc$3a49af49498bb6f31bc964718C
user: seth123
url: www.example.org
```
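Because `pass show` prints the whole entry, password included, it helps to pull out a single metadata field without echoing line 1 to the terminal. The following is an added example, not code from the original article: `entry_field` and `entry_password` are hypothetical helper names, and they assume the layout shown above (password on the first line, `key: value` lines after it).

```shell
#!/bin/sh
# Added example (not from the article). entry_field and entry_password
# are hypothetical helpers. Both read a decrypted entry on stdin:
#   line 1  = the password
#   line 2+ = "key: value" metadata

# entry_field KEY: print the value of metadata field KEY (case-insensitive).
# Returns 1 if the field is absent. Line 1 is never searched or printed,
# so a password that happens to look like "user: x" is not mistaken for
# a field and the secret is not echoed.
entry_field() {
    awk -v want="$1" '
        NR == 1 { next }                  # skip the password line
        {
            sep = index($0, ":")          # split at the FIRST colon only,
            if (sep == 0) next            # so "url: https://..." survives
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# entry_password: print only line 1, the password itself.
entry_password() { head -n 1; }

# Usage: pass show www.example.com | entry_field user
```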

Search for a password

Sometimes it's tough to remember whether a password is filed under www.example.com or just example.com or even something like app.example.com. Furthermore, some website infrastructures use different URLs for different site functions, so you might file a password away under www.example.com even though you also use the same login information for the partner site www.example.org.

When in doubt, use grep. The pass grep command shows all instances of a search term, either in a file name or in the contents of a file:



```
$ pass grep example
www.example.com:
url: www.example.org
```

Using pass with a browser

I use pass for information beyond just internet passwords, but websites are where I most often need passwords. I usually have a terminal open somewhere on my computer, so it's not much trouble to Alt+Tab to a terminal and get the information I need with pass. But that's not what I do because there are plugins to integrate pass with web browsers.

Pass host script

First, install the pass host script:

`$ curl -sSLO https://github.com/passff/passff-host/releases/latest/download/install_host_app.sh`

This install script places a Python script that helps your browser access your password store and GPG keys. Run it along with the name of the browser you use (or nothing, to see all options):

`$ bash ./install_host_app.sh firefox`

If you use multiple browsers, you can install it for each.

Pass Add-on

Once you've installed the host application, you can install an add-on or extension for your browser. Search for the PassFF plugin in your browser's add-on or extension manager.

PassFF

(Seth Kenlon, CC BY-SA 4.0)

Install the add-on, and then close and re-launch your browser.

Navigate to a site you've got a password for in your password store. There's now a small P icon on the right of your login text fields.

PassFF browser prompt

(Seth Kenlon, CC BY-SA 4.0)

Click on the P button to see a list of matching site names in your password store.

PassFF browser menu

(Seth Kenlon, CC BY-SA 4.0)

Click the pen-and-paper icon to fill in the form or the paper-airplane icon to fill and auto-submit the form.

Easy password management and fully integrated!

Try pass as your Linux password manager

The pass command is a great option for users who want to manage passwords and personal information using tools they already use on a daily basis. If you rely on GPG and a terminal already, then you may enjoy the pass system. It's also an important option for users who don't want their passwords tied to a specific application. Maybe you don't use just one browser, or you don't like the idea that it might be difficult to extract your passwords from an application if you decide to stop using it. With pass, you maintain control of your secrets in a UNIX-like and straightforward system.


via: https://opensource.com/article/22/1/manage-passwords-linux-terminal

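Author: Seth Kenlon; topic selection: lujun9972; translator: (translator ID); proofreader: (proofreader ID)

This article was originally compiled by LCTT and is proudly presented by Linux China.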