Webmin login4/19/2023 ![]() ![]() It supports multiple functions such as creating/managing Apache virtual hosts, MySQL database creation/management, generating DNS zones, managing mailboxes, and much more. Not sure if or how it could work in a shared environment.Virtualmin is a great open-source Webmin module typically used to manage multiple virtual hosts through a single interface, similar to cPanel. I've only done this on my own VPS with no other users. There are lots of how to's on the internet. Just stick to it and you will figure it out and realize it's not that complicated. If not don't be intimidated, it's not as hard as it first seems. If you are already using ssh keys and know how to set up Putty ssh tunnel this should be trivial to set up. You still have to log into the GUI with root password but for administration it should not be much of an inconvenience and is an extra layer of security. Now the only way to get to Virtualmin/Webmin GUI login prompt is with SSH tunnel using putty or some other SSH client and if PasswordAuthentication is set to no then the only way to do that is with ssh keys. After confirming that works go into /etc/ssh/sshd_config and set "PasswordAuthentication no" if it isn't already. Set Webmin to only listen to 127.0.0.1 in the Webmin GUI at Webmin>Webmin Configuration>Ports and Addresses. When it's working you should be able to open a browser to and get your Virtualmin/Webmin server GUI. Create a SSH tunnel to your server on port 10000 (or whatever your Virtualmin/Webmin port is) using Putty. Here is the solution if you want to secure with SSH keys. The user would then log in using their username and the token. Of course, they would need to be kept secure (readable only by root), they would need to have some sort of reasonable expiration time and should probably be limited to one per user. This could be stored in a database, in the filesystem or in memory. ![]() This would be a bit more inconvenience for the user, however in order to log in to Webmin, they first need to log in by SSH and generate a single use token by executing a script on the server. Require a single use token generated by SSH. The public key would then be authenticated as it is in SSH connections. Alternatively, the user could copy/paste the contents of their public key into the browser if the above method wouldn't be feasable. We would need to use some tricky Javascript (tricky for me anyway) that would allow the user to select their private key from their file system and, using the passphrase, generate the respective public key client-side and send it to the server along with their username. Make the user upload the public key to the server using the browser. Here are a couple of ideas I came up with how this could be accomplished. It would be nice if we could somehow make use of the public key authentication system already in place in order to authenticate users through Webmin/Virtualmin. Because of this, I usually have Webmin disabled and enable it only when I want to use it. I have a server running Webmin and Virtualmin, however one small gripe I have is that enabling an SSH server with public key authentication and disabling password authentication is essentially defeated by enabling Webmin since it only allows password authentication and provides many functions that a user could do to authenticate themselves with full SSH access (such as a file manager for basic users and editing the sshd_conf file for root). ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |