Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I have to authorise every time Firefox starts up #252

Closed
ikmail1 opened this issue Mar 22, 2014 · 47 comments

Comments

Projects
None yet
@ikmail1
Copy link

commented Mar 22, 2014

You write one has to authorise once every year at the standard settings, but every time Firefox starts up, I get the 'authorise a new connection' window

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 22, 2014

Does KeeFox work as expected once you authorise the connection until you next restart?

After authorising, please check the "KeePassRPC (KeeFox) Options" panel in the KeePass Tools menu. On the "Authorised clients" tab you should see one entry for KeeFox with a random looking unique ID, a long expiry date and a "connected" ticked checkbox.

Have you changed any of the default connection security settings?

If you're still having problems, please provide more detail about your specific system configuration so we can investigate further.

@ghost

This comment has been minimized.

Copy link

commented Mar 23, 2014

I can confirm this issue.
The problem seems to be the fact that I delete all my history on shutdown (Options -> Privacy).
When I disable this option everything works as expected.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 23, 2014

On the "Settings..." button next to the "Clear history when Firefox closes" option, you can adjust the data that you throw away at the end of each session.

I've never used this feature so can't be certain but I suspect that the problem will be that you have opted to delete all "saved passwords".

If that's the case, there are two options:

  1. Deselect that box so that passwords (including the KeeFox authentication information) persist across browser restarts.
  2. Reconfigure KeeFox to use low security mode (this will store the authentication details in the Firefox preferences system instead of as a saved password).

I strongly recommend option 1, not only because it will keep KeeFox more secure but also because the privacy benefit of clearing this part of Firefox after every restart is highly questionable.

@ghost

This comment has been minimized.

Copy link

commented Mar 23, 2014

Hey,

That indeed worked.
I don't recall changing anything between updates but nonetheless it works.

Thanks alot

@Meridon

This comment has been minimized.

Copy link

commented Mar 23, 2014

I have the same problem since the upgrade. The "clear saved passwords" check box in Firefox is not tagged. Security Level is set to "medium".

Any other idea what could be wrong?

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 23, 2014

#235 comes to mind but unless you're doing anything unusual with your Firefox profile or KeePass config file, it's probably not relevant.

Does your "Authorised clients" tab (mentioned above) look OK?

Otherwise, maybe try generating and attaching a KeeFox log: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Options-%7C-Logging

@Mike-Mad-Badger

This comment has been minimized.

Copy link

commented Mar 23, 2014

I have seen a similar issue though my situation is different.
Win 8, FF 28.0, KeeFox 1.3, KeePass 2.25

KeePass repeatedly presents the Authorise New Connection dialog with KeeFox identified as the requestor, even though at that moment in time KeeFox has access to the KeePass database and can successfully conduct logins.

KeeFox never offers the dialog to enter the authentication code given by KeePass, not since the first successful authentication.

FF Clear Passwords is not checked.
The saved passwords dialog includes " chrome://keefox (KPRPC key) " and " -**__-_-__-_**** "
The Unique ID in KeePassRPC (KeeFox) options matches the saved username in the saved passwords dialog above.

The only non-standard thing I do is share a database between two users (the missus and I).
I did wonder if the authentication changes could be at the root - essentially KeePass would have two FF clients for the same KeePass installation and I assume therefore the same KeePassRPC settings?
The issue occurs whether or not the other user is logged in.

It does not, to my knowledge, happen for the first Win 8 user to authenticate (I haven't spent enough time logged in as this user yet), only the user who authenticated second and for whom there are now repetive demands to authenticate. The above FF saved password and KeePassRPC options are from the second user.

@Mike-Mad-Badger

This comment has been minimized.

Copy link

commented Mar 23, 2014

Have just glanced over #235 and there are certainly similarities. It never happaned before the 1.3 upgrade though.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 23, 2014

Yeah the underlying cause is probably similar to #235.

Do you have separate Windows user accounts? If so, you should just need to set a different port for KeePassRPC to use for one of the users. You may have already done something similar in the past for the earlier version of KeeFox but the new connection system uses different ports so any such configuration can't be carried over to version 1.3.

Take a look at https://github.com/luckyrat/KeeFox/wiki/en-|-Options-|-KPRPC-Port and let us know how you get on.

@Mike-Mad-Badger

This comment has been minimized.

Copy link

commented Mar 24, 2014

Tx. I'm just a little confused, your linked wiki page says:

Find your KeePass configuration file and set the port in that file - (while KeePass is closed) insert the following to the <Custom> element:

<Item>
KeeFox < 1.3: <Key>KeePassRPC.connection.port</Key> <Value>00000</Value>
KeeFox >= 1.3: <Key>KeePassRPC.webSocket.port</Key> <Value>00000</Value>
</Item>

There are two confusing aspects, the linked KeePass wiki page gives the location of 4 configuration files, I assume it's the local one?

C:\Users\User Name\AppData\Roaming\KeePass\KeePass.config.xml

Inside that xml file, and after changing the KeeFox settings from within FF there is already this entry:

<Key>KeePassRPC.webSocket.port</Key>
<Value>12646</Value>

12646 being the port I had chosen to differentiate it from 12546.

Is the "KeePassRPC.webSocket.port" key different from the "KeePassRPC.connection.port" key?

Tx,
M

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 24, 2014

Yes, they are different. The "KeePassRPC.connection.port" key is only used for earlier versions of KeePassRPC and for older versions of KeeFox to be able to connect to the 1.3 version of KeePassRPC so that KeeFox can offer a simple upgrade and downgrade path between versions.

The KeePass config file you listed is usually the correct one to modify, unless someone has modified your configuration from the default setup.

On Windows though, you shouldn't need to worry about the config files if you're running under separate Windows accounts - just go to the KeePassRPC Options dialog instead and view or set the port there.

If you have a non-default configuration it's possible that you will be unable to change the setting from that dialog box but if you've managed to set up things to be that complicated, I'd wager that you would already have a deep understanding of the various KeePass configuration files!

@tx3eh8IUD1

This comment has been minimized.

Copy link

commented Mar 24, 2014

I, too, have the same problem.
I have to sign in every time I (re)start firefox.

Whether I set the "save passwords" checked or unchecked does not make a difference.

Windows 8.1 (64bit), FF28, Kepass 2.25, Keefox 1.3.1

update: it does not help to switch all settings to low security both in the plugin settings as well as in keepass. The Authorization dialogue comes up every time.

update2: Whether I clear history upon exiting or not, does not make a difference.

update3: Only one windows account exists

update4: Now also works on medium security settings with deselected password delete upon exit in FF.

@Tassleh0ff

This comment has been minimized.

Copy link

commented Mar 24, 2014

Same problem for me FF 28, Win8.1 x64, Keepass 2.25 and Keefox 1.31, but if I enable password persistance across browser sessions the issue seems resolved.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 24, 2014

@tx3eh8IUD1, have you ever adjusted your KeePass config files?

It's late so I might just be missing something but the only reason I can think for the low-security mode to fail would be if something is resetting Firefox or KeePass configuration after every restart.

If the issue is strictly repeatable by just restarting Firefox (while KeePass is still running) then it indicates that either your Firefox or KeePass configurations are unable to be saved to disk for some reason (maybe file permissions?).

It might help for you to take a look at the detail about where the security information is stored in Firefox and KeePass in case you can investigate those locations more closely to get a clue about what is going wrong: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Technical-%7C-KeePassRPC-detail#connection-security

The about:config setting to look for is: extensions.keefox@chris.tomlinson.KPRPCUsername and you should find the KPRPC config keys towards the bottom of your KeePass config XML file.

@tx3eh8IUD1

This comment has been minimized.

Copy link

commented Mar 27, 2014

@luckyrat
I am happy to report it now works with the low security settings.

However, it took a reboot (?!?!) - though I have no idea why that would be necessary. Doesn't really make logic sense to me.

EDIT: Now also works on medium security settings with deselected password delete upon exit in FF.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 27, 2014

Doesn't make sense to me either. Maybe the reboot fixed a problem that was unrelated to whether the security setting was low or not.

Glad you've got it working but when you next get a spare moment it would be worth trying to pin down whether and why higher security options fail.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Mar 27, 2014

If anyone following this issue is still having a problem, please read the updated troubleshooting tips related to this problem and let us know if any of the suggestions work for you: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox

@Dvvarf

This comment has been minimized.

Copy link

commented Apr 9, 2014

I had the same issue. But for me authorization was not saved not between Firefox restarts, but between system restarts. Steps to reproduce the problem for me were: open FF, authorization, close FF, close KeePass, open FF again, few seconds after the authorization request pops up.
Long story short the problem was that I didn't have the key "PreferUserConfiguration" set in global configuration (%ProgramFiles%\KeePass) and for some reason the auth key was written both to that file and the local one (%APPDATA%\KeePass), but the key was different.

@tx3eh8IUD1

This comment has been minimized.

Copy link

commented Apr 22, 2014

Dear @luckyrat

I just wanted to drop you a note that it now works.
I am on this setup:
Windows 8.1 (64bit), FF28, Kepass 2.25, Keefox 1.3.1

I have all settings on medium, both in KeePass and in Firefox. I deselected "delete passwords on exit" in Firefox but have all other history etc. deletions active.

I have made no changes to the default settings in user configuration or anywhere else.

Thanks for the great tool!

@texpert

This comment has been minimized.

Copy link

commented Apr 23, 2014

The problem persists with KeePass 2.26, FF28, KeeFox 1.3.1, Ubuntu 14.04 x64

"PreferUserConfiguration" is se to "true", but no luck...

@luckyrat

This comment has been minimized.

Copy link
Member

commented Apr 23, 2014

@texpert : Have you followed all of the steps in the troubleshooting guide? (I added a new one regarding PassIFox just yesterday) https://github.com/luckyrat/KeeFox/wiki/en-|-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox

@texpert

This comment has been minimized.

Copy link

commented Apr 23, 2014

Yes, @luckyrat , I have disable all the plugins, restarted FF once - entered the password, it connected with KeePass. Quited FF and repeated the procedure - only to get this again - https://db.tt/UJPA7iYD

Also, I managed to give all the write permission to the files and directories of KeeFox and KeePass - didn't help, though.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Apr 23, 2014

@texpert Please try the new beta of KeeFox (1.4.0b1: https://addons.mozilla.org/en-US/firefox/addon/keefox/versions/) which contains some extra logging for some types of problems.

Then try enabling KeePassRPC logging* and review the log file that gets created. If you want me to cast an eye over it feel free to post it here.

* E.g. "mono KeePass.exe --KPRPCDebug=/tmp/kprpc-debug.log"

@texpert

This comment has been minimized.

Copy link

commented Apr 24, 2014

Thank you, @luckyrat - the log is attached - had to change its extension :)

"Stored key not found - Caused by changed Firefox profile or KeePass instance; changed OS user credentials; or KeePass config file may be corrupt"

Where is supposed to be stored? There is a file keefox.sqlite, but it is 0 size.

log

@luckyrat

This comment has been minimized.

Copy link
Member

commented Apr 24, 2014

The log you've attached is from KeeFox and is interesting but I wonder if the KeePassRPC log would also reveal something interesting (e.g. something like "Could not store KeePassRPC's secret key so you will have to re-authenticate clients such as KeeFox."...)

The KeePassRPC log file would be placed in whatever location you list in the --KPRPCDebug command line parameter demonstrated above.

I notice that your KeePass program is running inside a ".wine" directory which I presume means that you either run KeePass through WINE, or have done in the past. This is the first time I've seen anyone trying to use WINE to execute KeePass so I am naturally very suspicious of this setup.

I've not really got any significant experience of using WINE so I can't be sure how it would interact with the combination of Mono and local communication with Firefox. It sounds like it is more or less working for you (or it is not using WINE at all but just sharing a folder?)

It's possible that the problem relates to either running KeePass within WINE or within the WINE folder structure so if you can try some alternative configurations that could give us some useful information to further diagnose the problem.

The key being referred to by that error message (which incidentally is sent from KeePassRPC but reported into the KeeFox log file) is stored within the KeePass XML config file (there are several possible locations for this - you'll have to look up the details on the KeePass.info website). The key is encrypted using a standard encryption system provided by Windows and Mono and any problems performing this encryption would be reported by the 1.4.0 beta as described above.

@texpert

This comment has been minimized.

Copy link

commented Apr 25, 2014

Here you can see attached the KeePassRPC log and KeePass.config.xml - I can't see any key in it.

KeePass just have been running its installation using Wine, as I understand. So, it is barely residing in Wine folder tree, but not using Wine (old KeePass was installed at /usr/lib/KeePass 2, but also required authorization every time when starting FireFox).

keepass config
krpc-debug

@texpert

This comment has been minimized.

Copy link

commented Apr 25, 2014

Hm, found another file KeePass.exe.config - it has a token inside.
keepass exe config

@luckyrat

This comment has been minimized.

Copy link
Member

commented Apr 25, 2014

Could not store KeePassRPC's secret key so you will have to re-authenticate clients such as KeeFox. The following exception caused this problem: System.Security.Cryptography.CryptographicException: Data protection failed. ---> System.Security.Cryptography.CryptographicException: Improperly protected user's key pairs in '/home/user-03-709/.config/.mono/keypairs'

That's the problem.

Looks to be the same as described in #263. You should be able to fix it by removing the keypairs directory.

@texpert

This comment has been minimized.

Copy link

commented Apr 25, 2014

Yes!!!

Thank you very much, @luckyrat!!!

(Mono recently had big updates - maybe something changed or got broken - the file was dated 2013, June)

@luckyrat

This comment has been minimized.

Copy link
Member

commented May 14, 2014

There's nothing specific here to fix so I'm closing the issue. Feel free to continue discussion here if you have further advice regarding the solutions proposed above but for generic "KeeFox keeps asking me for a password" problems, please post on the forum, after following the troubleshooting guide of course.

https://github.com/luckyrat/KeeFox/wiki/en-|-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox
http://keefox.org/help/forum

@luckyrat luckyrat closed this May 14, 2014

@luckyrat luckyrat added the invalid label May 14, 2014

@slcpunk

This comment has been minimized.

Copy link

commented Jun 17, 2014

Late to the party...Ubuntu 14.04, FF30. KeeFox 1.4.2
Have to auth every time. passwords are saved across sessions.
One thing no one else said, my list of "authorized clients" is ALWAYS EMPTY, even though KeeFox is clearly authorized and working. Its like the authorized client info is not getting saved by the plugin?

Restarting FF starts a loop with KeePass that is hard to break without closing both down and starting from scratch.

@luckyrat

This comment has been minimized.

Copy link
Member

commented Jun 18, 2014

Its like the authorized client info is not getting saved by the plugin?

Sounds about right. There are probably some problems with your file system (probably just some bad permissions on your KeePass config files).

A KeePassRPC log might help narrow down the problem but it might just confirm this guess so I'd suggest exploring that possibility first.

@slcpunk

This comment has been minimized.

Copy link

commented Jun 18, 2014

so in Ubuntu, keepass is installed to /usr/lib/keepass2 which is only readable by root. Since the plugin goes in that folder ... same thing. Is that it? How can move or install keepass to my home folder? ( I suppose I could also change permissions on /usr/lib/keepass )

@luckyrat

This comment has been minimized.

Copy link
Member

commented Jun 24, 2014

It's not the plugin that needs write access, it's your KeePass config file. It can be a bit complicated to explain all the different locations that you can put a config file and I've never looked into the options on a Linux machine but I expect that the KeePass docs will help you work out a way that you can enable write access to the config file but keep stricter permissions elsewhere: http://keepass.info/help/base/configuration.html

@slcpunk

This comment has been minimized.

Copy link

commented Jun 24, 2014

Thanks for the tips, I'll see what I can figure out.  I found the
config file, and it is R/W for my user - but it must be something
like what you say.  I actually have it installed on a laptop and it
works just fine.  ( just slightly different versions of Linux ...
which again is probably enough to make the difference )
Thanks again for your help even when it wasn't your problem!  On 06/24/2014 01:52 AM, luckyrat wrote:

  It's not the plugin that needs write access, it's your KeePass
    config file. It can be a bit complicated to explain all the
    different locations that you can put a config file and I've
    never looked into the options on a Linux machine but I expect
    that the KeePass docs will help you work out a way that you can
    enable write access to the config file but keep stricter
    permissions elsewhere: http://keepass.info/help/base/configuration.html
  —
    Reply to this email directly or view
      it on GitHub.
@justposted

This comment has been minimized.

Copy link

commented Nov 9, 2014

Although an old thread, this is the first hit when I google "keefox authenticate every time" so it seems like a sensible place to add in how I solved the issue.

My issue was that I was having to put in the authentication password every time I started Firefox. The answer, after trying many complicated things, was very simple. I just had to put Keepass somewhere other than my C:/Program Files folder. It's on another drive now and I have only had to authenticate once.

I also had to go into the Keefox options, go to the Keepass tab, point at my Keepass directory and tick the 'remember settings' box. Otherwise it installs Keepass to the Program Files directory automatically.

Thanks for Keefox. It's a brilliant extension and I would struggle to get by without it nowadays.

@slcpunk

This comment has been minimized.

Copy link

commented Nov 21, 2014

The solution for linux folks sure seems to be removing the folder \home.config.mono\keypairs

See issue: https://discussions.zoho.com/keefox#Topic/71684000000570013
Also here: #263

Thanks!

@CodeShadower

This comment has been minimized.

Copy link

commented May 2, 2015

Thanks for this solution, same behaviour happened to me in Ubuntu 15.04 and FF37! :)

@edouard-lopez

This comment has been minimized.

Copy link

commented Jun 24, 2015

Removing keypairs directory solves it:

rm ~/.config/.mono/keypairs -rfi

For following config:

  • Linux Mint 17.1 Rebecca ;
  • Firefox 39.0~b7+build1-0ubuntu0.14.04.1 ;
  • Keepass2 2.25+dfsg-1ubuntu0.1 ;
  • Keefox 1.4.8.1-signed.
@joce

This comment has been minimized.

Copy link

commented Sep 28, 2015

Sorry to revive this, but I recently started experiencing this issue. I'm running on Windows, so the keypairs fix does not apply.

I have the following config:

  • Windows 10
  • Firefox 41.0 (Was also an issue with FF 40.x)
  • KeePass 2.3
  • Keefox 1.5.3

In KeePass, the KeeFox options authorize the client for one year minus one day, yet, if I close and open FF, I will be asked to reenter the authorization code.

@justposted

This comment has been minimized.

Copy link

commented Sep 28, 2015

Have you tried my solution above (install KeePass somewhere off your C drive)?

@joce

This comment has been minimized.

Copy link

commented Sep 28, 2015

@justposted I would like to avoid that as much as possible.

@justposted

This comment has been minimized.

Copy link

commented Sep 28, 2015

Fair enough. Might be worth trying it by just copying your KeePass folder somewhere (maybe a USB drive) and pointing KeeFox at it. Then at least you'll know if the problem is with permissions on your C drive.

@joce

This comment has been minimized.

Copy link

commented Oct 2, 2015

I tried to put it somewhere else on my C: drive, and I got the same result.
I then tried putting it on a USB drive and... same result.
Wherever I put it, I'm asked to reauthenticate.

@joce

This comment has been minimized.

Copy link

commented Oct 6, 2015

Anyone? @luckyrat ?

@luckyrat

This comment has been minimized.

Copy link
Member

commented Oct 6, 2015

@joce

This comment has been minimized.

Copy link

commented Oct 8, 2015

fuuuuuuuu.... It was the "saved passwords" from the clear history that was checked.
All is good now.
Thanks @luckyrat and sorry for the noise!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.