Comments (7)
Here is the solution if you want to secure with SSH keys. Create an SSH tunnel to your server on port 10000 (or whatever your Virtualmin/Webmin port is) using PuTTY. When it's working you should be able to open a browser to https://localhost:10000 and get your Virtualmin/Webmin server GUI. Set Webmin to only listen to 127.0.0.1 in the Webmin GUI at Webmin>Webmin Configuration>Ports and Addresses. After confirming that works, go into /etc/ssh/sshd_config and set "PasswordAuthentication no" if it isn't already.
Now the only way to get to the Virtualmin/Webmin GUI login prompt is with an SSH tunnel using PuTTY or some other SSH client, and if PasswordAuthentication is set to no then the only way to do that is with SSH keys. You still have to log into the GUI with the root password, but for administration it should not be much of an inconvenience and is an extra layer of security.
If you are already using SSH keys and know how to set up a PuTTY SSH tunnel, this should be trivial to set up. If not, don't be intimidated, it's not as hard as it first seems. Just stick to it and you will figure it out and realize it's not that complicated. There are lots of how-tos on the internet.
I've only done this on my own VPS with no other users. Not sure if or how it could work in a shared environment.
from webmin.
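The setup in the comment above depends on two settings staying in place: sshd refusing password logins and Webmin listening only on 127.0.0.1. The script below is an added example, not part of the original thread or of Webmin, that audits both from copies of the config files. It assumes Webmin stores the listen address as a `bind=` line in `miniserv.conf`; the sample files are constructed and `user@server` is a placeholder.

```shell
#!/bin/sh
# Added example: audit the two settings the comment above depends on.
# OpenSSH equivalent of the PuTTY tunnel (user@server is a placeholder):
#   ssh -N -L 10000:127.0.0.1:10000 user@server

# Global PasswordAuthentication as sshd would read it from ONE file: the first
# occurrence of a keyword wins, keywords are case-insensitive, unset means
# "yes". Lines after a "Match" are conditional, so reading stops there.
sshd_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Address Webmin's miniserv listens on. Assumption: it is the "bind=" line of
# miniserv.conf, and no such line means "all addresses".
webmin_bind() {
    v=$(sed -n 's/^bind=//p' "$1" | tail -n 1)
    printf '%s\n' "${v:-any}"
}

# audit <sshd_config> <miniserv.conf>: returns 0 only when both settings hold.
audit() {
    rc=0
    [ "$(sshd_password_auth "$1")" = "no" ] ||
        { echo "FAIL: SSH password logins are still allowed"; rc=1; }
    [ "$(webmin_bind "$2")" = "127.0.0.1" ] ||
        { echo "FAIL: Webmin is not bound to 127.0.0.1"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'passwordauthentication no' \
    'PasswordAuthentication yes' > "$demo/sshd_good"
printf '%s\n' 'PermitRootLogin no' 'Match User backup' \
    '    PasswordAuthentication no' > "$demo/sshd_bad"
printf '%s\n' 'port=10000' 'bind=127.0.0.1' > "$demo/miniserv_good"
printf '%s\n' 'port=10000' 'ssl=1' > "$demo/miniserv_bad"

audit "$demo/sshd_good" "$demo/miniserv_good" && echo "OK: hardened sample passes"
audit "$demo/sshd_bad" "$demo/miniserv_bad" || echo "weak sample flagged"
```

The parser reads a single file and does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration and is the authoritative check for the SSH side.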
Webmin already supports SSL key-based authentication. You can find that in Webmin->Webmin Users->Request Certificate. There's no reason to jump through all the odd hoops of trying to authenticate against SSH keys, when there is a standard key-based authentication method supported by browsers and Webmin.
from webmin.
Strange. I don't have the option "Request certificate" anywhere.
from webmin.
You first need to create a CA at Webmin -> Webmin Configuration -> Certificate Authority.
from webmin.
Thanks for the response. I didn't even know that this was even a feature of web browsers. Now, the only issue I had was that none of the users (except root) are able to request a certificate by default since they are unable to see that module, so I had to give permissions to the users to access 'webmin' -> 'webmin users' with everything disabled except "Can request certificate".
Oh, and it doesn't appear to work in Opera even though according to http://www.opera.com/support/kb/view/436/ it should be supported. I have no idea about how it would be accomplished though.
from webmin.
Yes, browser support for requesting client-side certificates is inconsistent. The most reliable one is Firefox.
from webmin.
@shadowym Sorry for the delayed response. For some reason it didn't notify me of your comment. I just have to say, you are a genius. That is exactly what I was looking for since browser certificates are bugged on Debian servers. Using FoxyProxy to only use the proxy for specific sites, and adding an entry to my /etc/hosts file, I can now go to https://virtualmin:10000 and not have to worry about it interfering with other sites, including localhost on other ports.
from webmin.