(trey’s take)On sharing a directory with Windows…

Market forces have conspired into forcing me to have a bare-metal Windows install (a Virtualbox Virtual Machine can no longer cut it). I still would rather work solely in Debian, or some form of Linux distribution (distro!), but this presents me with an opportunity to grow my skills in ways I did not anticipate. First, the scenario:

  1. I use the venerable KeePassX to manage my passwords. It is not to be confused with KeePass. Both programs have similar functions, and even read the same database format (KeePass 1.x), but the latest (and currently maintained) KeePass version depends on .NET, so on Linux that means Mono. Last I checked (which is admittedly a long time ago), the Linux/Mono port looked *terrible*. Luckily, KeePassX has a port for Windows, so I can keep the same look and feel regardless of whether I’m booted into Windows or Linux. FULL DISCLOSURE: KeePassX 0.4.3 has been out for some time, and it appears the development on the next version of KeePassX has slowed to a crawl or is nonexistent.
  2. No matter which computer I’m using, I want to be able to access the password database. In Linux, I just set up a port forward on my WAN router that points to the SSH port on my Debian workstation, and on my satellite devices I use SSHFS to mount the keepass directory. This “tricks” KeePassX in thinking the password database is local to the satellite machine, any changes are immediately available on the main workstation and satellite machines, and there is no reconciling disparate databases. As part of the (manual) SSHFS mount command, I make a local copy on the satellite so the password is available if my central server is not. Note, if my primary home workstation becomes unavailable, and I need to modify the database in any way, I will need to manually merge my KeePassX databases.

My previous architecture is described above. Adding a dual-boot Windows 7 installation to the mix gives me a number of challenges:

  1. There is the problem of sharing the database between both OSes (Windows 7 and Debian), such that both versions of KeePassX operate without having to redirect KeePassX to a different location (C:\Users\trey\keepass in Windows, and /home/trey/keepass in Debian).
  2. Making the database available via SSHFS will pose a challenge on the Windows side.
  3. Making backups of the database may be difficult from the Windows side

My solutions to the above:

  1. Sharing the database between the two systems is relatively straightforward. This is where Linux plays the glue system, and makes up for the inadequacies of others. Windows 7 will store the master password database here: C:\Users\trey\keepass\. I can mount the C: drive in Linux (the ntfs-3g filesystem driver is quite mature), and then bind mount the Windows directory to /home/trey/keepass/. Here are the relevant /etc/fstab entries:
    /dev/sda2                       /windows           ntfs    defaults,uid=1000 0 0
    /windows/Users/trey/keepass     /home/trey/keepass none    bind              0 0

    If I’m booted into Linux, everything is as it was. I don’t anticipate that the database actually residing on an NTFS volume to be a concern, but usage may dictate otherwise.

  2. Making the directory available from the Debian side is already done, and works as expected. Doing so from Windows is a bit more difficult. I’ll need to install OpenSSH in Cygwin, which is done, but it’s not configured. I’ll first need to expose C:\Users\trey\keepass in the Cygwin filesystem tree. I’ll also need to copy the various SSH keys into the Cygwin environment, so my satellite devices don’t know (or care) when they mount the SSHFS volume. I’m currently writing this from Debian; I’ll need to reboot into Windows and continue this post later.
  3. I have no idea how my general rsnapshot backup will work if Windows is booted. I’ll have to think of that later, but assuming the keepass directory is properly exposed in Windows/Cygwin, it should be OK.

On to the Windows side…