lastpass / lastpass-cli Goto Github PK

Please add tab completion for entries. Similar to pass which has tab completion for folders and entries. When dealing with 100s of entries it is pretty essential to make using the cli useful.

It'd also be great if tab completion worked with fuzzy logic so names didn't have to be exact.

Please see pass' bash completion for more details, but I'm sure you guys can figure out a way. ;)

~ > brew install lastpass-cli --with-pinentry --with-doc
Error: No available formula for lastpass-cli
Searching taps...
~>

[1] 16677 segmentation fault lpass login MY_USERNAME

I attempted with all the flags as well.

OSX 10.8.5
Installed with homebrew (0.9.5)
Tested in iTerm, Terminal.
Tested in zsh/sh/bash

A simple login attempt fails after inputting the 2FA code.

After inputting password and 2FA code, I am brought back to the password prompt with a red error message.

Aborted multifactor authentication.

Cancelling the login shows the following error message on the console.

*** Error in `pinentry': free(): invalid next size (normal): 0x00000000024db930 ***

Repeated attempts always result in this message with varying hex values on the end.

I am using Linux Mint 17 with the cinnamon desktop. Pinentry is pinentry-curses version 0.8.3. Everything is fully updated to the versions in the repos.

Using export LPASS_DISABLE_PINENTRY=1 is a viable work around. Additionally, after logging in with the --trust option once, subsequent logins work just fine using pinentry.

I looked in the man page and the help text of lpass, but I couldn't find a way to only copy the password of a site.

I'm using this instead for now:

lpass show github.com|grep password|head -n 1|cut -d ' ' -f 2 | tr -d '\n' | xsel -ib

Is the functionality there and I'm just not looking hard enough? Or are you planning to add it?

Cheers!

Freshly created an account on the website.
I'm using lpass v0.3.0 from Wheezy.
pinentry does not seem to work in my case (didn't investigate)

I thus tried:
$ LPASS_DISABLE_PINENTRY=1 lpass login [email protected]
which results in:
Warning: Could not decrypt private key. Success: Logged in as [email protected]

Following ls/show operation result in:

Error: Unable to fetch blob. Either your session is invalid and you need to login with `lpass login`, you need to synchronize, your blob is empty, or there is something wrong with your internet connection.

A "sync" a 6.3 kb blob file but other ls/show/edit still fail.

Hello do you plan to add offline mode? Right now I see only Error: Couldn't resolve host name. message.

I've somehow managed to accumulate almost 1M files in ~/.lpass/upload-queue, occupying almost 4GB of disk space. Is it safe to nuke the contents of this directory? I noticed because the process that is supposed to handle this queue was consuming a constant amount of CPU (not 100% though; 30-40%).

I'm currently using binaries built from version 6282e79 (0.5.0).

I have a shared folder named Shared-HPC and a subfolder named Omega inside that folder
I created an entry via the gui or web interface named guitest in the shared folder Shared-HPC/Omega
The entry works as expected.

I can not figure out how to create an entry in the shared folder via the cli.

I can get the export entries to match...
charles@x5:/apps/lastpass-cli$ lpass export | grep testcw
http://test/,,,Omega/testcw,testcw,Omega

charles@x5:/apps/lastpass-cli$ lpass export | grep guitest
chrome://lastpass/content/home2.xul,,,Omega/guitest,guitest,Omega

but export and show have different output and the gui shows testcw was created in a non-shared folder Omega rather than in Shared-HPC/Omega

Apparently export doesn't export everything.

charles@x5:/apps/lastpass-cli$ lpass show --all 4510360566
Omega/testcw [id: 4510360566]
URL: http://test/

charles@x5:/apps/lastpass-cli$ lpass show --all 4510166626
Shared-HPC/Omega/guitest [id: 4510166626]
URL: chrome://lastpass/content/home2.xul

Any help on how to use the cli to create an entry in a shared folder would be appreciated.
Thanks.

Understand if Windows support needs to be a fork, but I would imagine there are very few LastPass users who don't ever use Windows, even if only for corporate email and the like. :)

It'd be good to verify that this code is actually supplied by the lastpass team.

The sanest way I can think of to do that is a link/mention of from https://lastpass.com/ to this github organization. Is there one?

Lastspass CLI has been working fine then suddenly today I get the following message when attempting login:

Error: Peer certificate cannot be authenticated with given CA certificates.

I have created an integration with Alfred on OSX which works really well.

However, as we are essentially interacting with the Lastpass CLI programmatically there is a new feature I need.

Take for example the following command:
/usr/local/bin/lpass ls | grep -i crash

If you are not logged in, the CLI puts up a prompt requesting you log in, however with Alfred I am doing this all in the background and force a user to log in with "lplogin" separately which brings up the prompt.

Therefore when running this in the background, the perl script just hangs... therefore I would like to request the following:

New flag created for lpass which is --disable-login-prompt

Desired behaviour of this would be if running:
/usr/local/bin/lpass ls --disable-login-prompt | grep -i crash

If logged in, the application would run, if not logged in it exits with a code other than zero and outputs a message to STDERR stating that the user needs to be logged in.

That would be utterly amazing and would enable better interaction with the lpass agent with a different front end than just an ssh prompt.
Cheers,
Stuart

When trying to edit an entry I cannot edit multiple fields in one command.

lpass edit --url --username example.com

The above example just returns to the command prompt. I also tried specifying values

lpass edit --url=example.com --username=rothgar example.com

But I'm returned an error that the edit: option '--url' doesn't allow an argument. I think there needs to be an easier way to edit multiple values for an entry.

I also tried --non-interactive but I still had the same result.

as instead plain text. We need more safety. Anyone can read our passwords now. AES256 should be fine.

The yellow font used for some alerts is illegible on white backgrounds

Hi, I just want to report that the version installed via brew on mac is 0.3.0, while for brew is already at 0.4.0

Mercurio:~ giulios123$ lpass --version
LastPass CLI v0.3.0

Mercurio:~ giulios123$ brew info lastpass-cli
lastpass-cli: stable 0.4.0 (bottled), HEAD

First, realy nice project, 👍

It would be really nice if lpass would not clutter my home directory.

I suggest respecting the XDG Base Directory Specification.

For example:
Most files should be located at $XDG_RUNTIME_DIR/lpassinstead of $HOME/.lpass.

Hello, could you please start signing your release tags? Thanks!

As shipped, curl/curl.h can't be found since it's in /usr/local/include. BSD's also use sys/endian.h instead of endian.h.

Fixing these leaves me with linking problems. The warnings are a result of using OpenSSL from ports while libcurl is linked to the system OpenSSL, not sure what to do about that. I'll see about fixing the undefined functions - they should probably #error out on unsupported systems.

 cc   lpass.o cmd-ls.o cmd-duplicate.o http.o kdf.o cmd-show.o blob.o upload-queue.o endpoints-login.o cmd.o process.o password.o util.o terminal.o cmd-login.o cmd-generate.o endpoints.o cipher.o cmd-logout.o cmd-rm.o agent.o cmd-edit.o config.o session.o xml.o cmd-sync.o clipboard.o  -lcurl -L/usr/local/lib -lxml2   -lssl -lcrypto -o lpass
/usr/bin/ld: warning: libcrypto.so.7, needed by //usr/lib/libheimntlm.so.11, may conflict with libcrypto.so.8
upload-queue.o: In function `upload_queue_is_running':
upload-queue.c:(.text+0x6f): undefined reference to `process_is_same_executable'
upload-queue.o: In function `upload_queue_ensure_running':
upload-queue.c:(.text+0x34c): undefined reference to `process_is_same_executable'
upload-queue.c:(.text+0x653): undefined reference to `process_is_same_executable'
agent.o: In function `agent_kill':
agent.c:(.text+0x262): undefined reference to `agent_socket_get_cred'
agent.o: In function `agent_start':
agent.c:(.text+0x564): undefined reference to `process_disable_ptrace'
agent.c:(.text+0x709): undefined reference to `agent_socket_get_cred'
agent.c:(.text+0x747): undefined reference to `process_is_same_executable'
cmd-edit.o: In function `cmd_edit':
cmd-edit.c:(.text+0x3e9): undefined reference to `shared_memory_dir'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
<builtin>: recipe for target 'lpass' failed
gmake: *** [lpass] Error 1
zsh: exit 2     gmake

See https://aur.archlinux.org/packages.php?O=0&L=0&C=0&K=lastpass-cli

Maybe a mention in the readme?

It would be great to have a way to:

• Add/Rename/Delete a shared folder
• Describe in which folder a site should be created

If you've got some documentations about the related protocol (mostly around administrating them), I'd be happy to prepare a pull request.

How do I access attachments for secure notes? This is usually where I store private keys.

By default if you use lpass show --clip example you will get all of the contents of the site in the following structure copied to your clipboard.

example/example [id: 0000000000]
Username: admin
Password: password
URL: https://example.com/

That is fairly useless in a copy/paste form and is redundant with the --all option. It would be better if --password was the default because that is usually the sensitive value being stored in a password manager.

It would also be helpful if there could be shortened version of --username and --password (-u and -p) to save with typing when copy/pasting the most often used values.

When running lpass show it should do a fuzzy search or some other kind other searching/pattern matching. My use case I have a entry in Lastpass with the name "dropbox.com" but running lpass show dropbox results with the following error:

Error: Could not find specified account 'dropbox'.

Expected results would have been to match "dropbox.com". In case of the search returns multiple entries maybe return just the account name and the ID for each account allowing the user to be more explicit about which account they want. Right now the best the user can do if they don't know the exact name is do a lpass ls and pipe the output to grep or some similar tool.

Hi Team,
I am not sure if anyone else is suffering this but on OSX using iTerm (or Terminal), when I use:
/usr/local/bin/lpass login --trust ""

If I accidentally type a character wrong while putting in my password and try to use backspace, it interprets it as a character, therefore I have to cancel and start again.

Is there any possibility of fixing to interpret backspace as an actual backspace?
Cheers,
Stuart

I built this on Ubuntu 14.04 on armhf (it's an ODROID U3). The resulting binary is 67972 bytes.
I pasted the output from make here: http://pastebin.com/Ppgxe1aG

lpass login $MYMAILADDRESS
gives me only the usage information:
Usage: lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME

The same thing happens when I put the address in quotes or escape the @ with a backslash.

Please allow lpass to fork a process that can clear the clipboard after content is copied. 45 seconds - 1 minute I would assume is a good default value and should give ample time to paste the password into the desired window.

Maybe allow it to be configurable via environment variables too.

Does lastpass-cli support pinentry-gtk2?, if not, can it?

I am using several subfolders in my vault. It seems like those subfolders show up ungrouped in lpass ls with just their id shown. Is this intended behaviour?

$ lpass ls
Development\Sites
    Testentry [id: 3886944626]
 [id: 3886932556]
[...]

$ lpass show 3886932556
Development\Sites/ [id: 3886932556]
URL: http://group

Hi, first I'd like to thank you for the great tool. I love it!

One small problem is that forward slash is displayed as a new line (interpreted as a folder name) when doing 'lpass ls'

For example, I have an entry 'spaceship cpanel / ftp'.
'lpass ls' would show

spaceship cpanel
    ftp [id: xxxxxxx]

Entering Google Authenticator OTP using the number pad on an external keyboard results in failed login, entering via number keys on top row works correctly. I also noticed that when entering via the number pad more than one char was entered per key press. Disabling pinentry using LPASS_DISABLE_PINENTRY correctly allows the use of the number pad.

pinentry-curses (pinentry) 0.8.3
iTerm2 Build 1.0.0.20130811
OS X 10.9.5

I've tried to run it on an ARM device (raspberry) but it doesn't seem to work.

I've managed to install it after patching the Makefile file but then I can't log in. If i just type $ lpass I don't get any response.

It runs perfect on Debian based systems with x86 architecture.

We have toopher authentication required on our corporate last pass accounts.

Every time I do lpass login MYUSERNAME I have to goto my phone and click "Approve" in toopher.

Is the command line utility supposed to remember my device/computer like the chrome plugin does? Or is this expected behavior? If it's expected it'd make scripting password changes (like https://github.com/lastpass/lastpass-cli/blob/master/contrib/examples/change-ssh-password.sh) nearly impossible.

One of the biggest uses we can see for this cli would be to do regular encrypted exports. We currently do this once a month by hand but would love to have an automated script on one of our bastion servers. We have had users delete entries before and not realise until LastPass had purged the records.

I guess we could use this current tool and archive the ~/.lpass/blob file but it there isn't really a way to then import that in back in as I can see it.

Bonus points if the export can make a file that can then be read by LastPass Pocket :-)

Thank you

Just keeps giving me 'incorrect password' messages. I'm certain I've typed in the master password correctly.

Tried using both personal account and enterprise account. I have 2FA enabled on both.

Env: OSX Lion, both with and without pinentry installed.
Built from 2b9b756

Is there any way to debug this?

As a user I'd like an option to the login command so that I can specify the token expiry time (including never).

I want to use lpass to hold my mail password, if the token expires then my mail stops updating.

An extension would be to optionally bring up a GUI dialogue to request the master password for token renewal when it expires.

As title explain, every time I try to do lpass export it ask me again for master password.(even if I'm already logged in)

Is it normal or not?

With lpass show it would be nice to get a list of matches with the unique-id for each if there were multiple matches.

Or what's a better way to find out about the unique id of the items?

I don't know if lasspass API allows that, but that would be pretty nice.

Similar to #1, I am also trying to use Secure Notes for storing SSH keys. It appears that the CLI doesn't know how to extract specific fields from a Secure Note? For example, I would like to be able to extract the Passphrase in one call and the ASCII-armored version of the private key from the main Notes field. This is what happens:

riva% lpass show csoc-prod
NoteType:SSH Key
Bit Strength:
Format:
Passphrase:foobar
Private Key:
Public Key:
Hostname:
Date:January,1,
Notes:-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,6541654651030346

<encrypted text here>
-----END RSA PRIVATE KEY-----

Mon Mar  2, 10:59 | /home/dblewett
riva% lpass show --field=Notes csoc-prod
Error: Could not find specified field 'Notes'.

Mon Mar  2, 10:59 | /home/dblewett
riva% lpass show --field=Passphrase csoc-prod
Error: Could not find specified field 'Passphrase'.

If the CLI supported specifying these fields, it would make the Public Key and Private Key fields useful as otherwise they are not due to https://forums.lastpass.com/viewtopic.php?f=7&t=94925 .

Platform: Arch Linux 3.17.1
Package: tested both lastpass-cli and lastpass-cli-git from AUR (lpass -v reports LastPass CLI v0.3.0)

Login reports success (master password is entered, yubikey prompt received, OTP entered via yubikey, successful login message shows in terminal).

'lpass sync' returns 0 exit status (no other success/failure message)

The ~/.lpass directory shows blob and other expected files, all of non-zero size, so it looks like there was a good initial sync (this is actually the case after login even without running the explicit sync).

However running any lpass command (lpass ls) results in the error "Error: Unable to fetch blob. Either your session is invalid and you need to login with lpass login, you need to synchronize, your blob is empty, or there is something wrong with your internet connection."

I've tried to explicitly set env variables such as LPASS_HOME to make sure it was looking in .lpass (it was) and have logged out and in several times to test. Results are the same each time. Successful login and unsuccessful subsequent commands.

Logout is successful.

I've also tested disabling the agent, pinentry, via the appropriate env. variables with no change in this error condition.

I note that in my lastpass account settings, if I use the --trust option upon login I do not see the device listed in the trusted devices in my account. I have tested with and with --trust during login and this error is the same each time.

I've been experimenting with trying to get LastPass for Applications -like functionality in Cinnamon.

Not very far yet.

http://cinnamon-spices.linuxmint.com/applets/view/60
sudo apt-get install pinentry-gtk2
make sure to -f logout

However when I lpass ls in console there doesn't seem to be any entries for Applications, much less ids that I can use to get usernames and passwords.

From what I can make of the code, this seems to be more an omission than filtering.

I am on the latest and greatest OSX. I have installed from this repository.

I do not get the lpass export option required to make something I want to work. What have I done wrong, or what should I do to troubleshoot further?

Arbiter:.ssh thomasdenton$ lpass --version
LastPass CLI v0.3.0
Arbiter:.ssh thomasdenton$ lpass
Usage:
lpass {--help|--version}
lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME
lpass logout [--force, -f]
lpass show [--sync=auto|now|no] [--clip, -c] [--all|--username|--password|--url|--notes|--field=FIELD|--id|--name] {UNIQUENAME|UNIQUEID}
lpass ls [--sync=auto|now|no] [GROUP]
lpass edit [--sync=auto|now|no] [--non-interactive] {--name|--username|--password|--url|--notes|--field=FIELD} {NAME|UNIQUEID}
lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH
lpass duplicate [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
lpass rm [--sync=auto|now|no] {UNIQUENAME|UNIQUEID}
lpass sync [--background, -b]
Arbiter:.ssh thomasdenton$

In example file change-ssh-password.sh, line 88, where you initialize temporary_password_name, there's a possible problem.

$RANDOM is not initialized anywhere in the script. So the $RANDOM$RANDOM$RANDOM at the end of the line is useless and will return null. I'm supposing that this is not your intent.

A note in the readme to precise the licensing would make things clearer.

Hit "^C" while being prompted for the master password and input is no longer echoed too the screen.

Either add signal handlers, or register an "atexit()" routine to to restore termios.

When running with LANG=en_CA.UTF-8, I see an unusual problem (possibly from pinentry?) when I run "lpass login". See attached screenshot.

I am utterly unable to reproduce this with pinentry other than by running "lpass login", so I can't tell you why this occurs, sorry.

Firstly, thank you sincerely for this wonderful interface, and thank you many times over for releasing it as open-source. It is very much appreciated.

It would be a huge help for compiling if at least example packages were listed for the dependencies, for example for the Ubuntu or Fedora repositories (even if one uses another distro, these point in the right direction). It's hard to know whether a devel package is needed or which version is required, etc.

So for example (these versions are not necessarily correct, another reason for this issue posting):

• LibreSSL or OpenSSL - e.g. sudo apt-get install libssl-dev
• libcurl - e.g. sudo apt-get install libcurl4-openssl-dev
• libxml2 - e.g. sudo apt-get install libxml2-dev
• pinentry (optional) - e.g. sudo apt-get install pinentry-curses
• AsciiDoc (build-time documentation generation only)
• xclip, xsel, or pbcopy for clipboard support (optional) - e.g. sudo apt-get install xclip

When creating a new entry I used the follow commands.

lpass edit --url example
lpass edit --password example
lpass edit --username example

Please see issue #55 opened to help with the redundant commands

After the three commands and running lpss sync the following entries show up in my vault

Each entry has all the content from the previous entry plus the new field. The old entries are not removed.