The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local superuser or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post-exploitation more difficult and provide a simple way to manage multiple systems in an environment where Windows and Linux do not necessarily support an alternative.
For a full walkthrough of SHIPS v2.0 – watch the video below:
Clients for Windows and Linux may be configured to rotate passwords automatically. Stored passwords can be retrieved by desktop support personnel as required, or updated when a password has to be manually changed in the course of system maintenance. Unique passwords on each machine, combined with logging of password retrievals, improve security by making networks more resistant to lateral movement by attackers and by enhancing the ability to attribute actions to individual persons.
SHIPS/2.0 builds on the functionality of SHIPS, adding structured storage with access control lists, shared password manager functionality, and PKI-based storage for password assets with greater data-at-rest and authentication requirements.
These improvements should help all organizations do more with a single instance of SHIPS and fill a common need to share single administrative passwords associated with infrastructure devices and third parties such as DNS providers, SSL issuers, hosting providers and similar. This is perhaps the best use of the PKI-based document storage facility introduced in SHIPS v2.
For a read on the prior version and architecture (which remains the same), visit our original post here:
For a full installation document as well as step-by-step instructions, visit our GitHub page: