Hi to all! I am interested in creating a way to administer my company systems when iam away. I come across Webmin and i think it is a good way to administer systems when i am not in the company. Does anyone knows if the Webmin permits to do a administration of the systems securely ? Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ? Thanks to all and sorry about my english. João Reis -------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Joao,
Does anyone knows if the Webmin permits to do a administration of the systems securely ? Jup, you can setup webmin to use https.
Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ? Otherwise you can access it using ipsec... or restrict the IP address from which access is possible...
Cheers, Arndt - -- Arndt Faulhaber mailto:arndt.faulhaber@diagnosdata.com gpg-pubkey: http://www.rzuser.uni-heidelberg.de/~afaulhab/arndt.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/KTdQEin8GFiSP10RAlDDAJ9HibgQTL0/ski+O+tRSMWfgiubVgCdGu1I cFZmp0DRsx7nxEDilMgjqus= =2j7L -----END PGP SIGNATURE-----
Hi again. My main question is if the Webmin is a good tool to do remote administration or are better tools ? On Thursday 31 Jul 2003 16:35, Arndt Faulhaber wrote:
Hi Joao,
Does anyone knows if the Webmin permits to do a administration of the systems securely ?
Jup, you can setup webmin to use https.
Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ?
Otherwise you can access it using ipsec... or restrict the IP address from which access is possible...
Cheers, Arndt
-- "Do or do not. There is no try" - Yoda ------------------------------------------------------- 2000Comp - Consultoria e Informática, Lda Tel: +351 22 941 99 32 Fax: +351 22 941 99 34 www: http://www.2000comp.pt João Reis -------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
My main question is if the Webmin is a good tool to do remote administration or are better tools ? IMHO a great tool - but just try it out, since everyone prefers a little different tools... But in terms of security, I think you can make it as secure as you want...
Cheers, Arndt - -- Arndt Faulhaber mailto:arndt.faulhaber@diagnosdata.com gpg-pubkey: http://www.rzuser.uni-heidelberg.de/~afaulhab/arndt.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/KTluEin8GFiSP10RAj2SAKC9gK25aMdzpW2YSmenIzqZo/6v9gCg6bVp 7OUuy7iyg/XvSaAPYyhe1uc= =oisM -----END PGP SIGNATURE-----
Hello !
My main question is if the Webmin is a good tool to do remote administration or are better tools ?
--> What about logging in via SSH as normal user and then "su" to root ? Then you have the same full control as if you were sitting in front of the box (except the possibility to press the power or reset button :-). If you use public key authentication and restrict the IPs that are allowed to connect to your SSH server, I think you are pretty secure. Bye, Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Or just login via SSH as root but restrict access to your own external IP address if it's fixed. It's also possible to do reverse mapping so that the IP address can be checked against the host name but, again, this really implies a fixed IP address. SSH uses a different method of login so isn't affected by the login restrictions that login has, i.e. you can comment out login in /etc/inetd.conf There are a couple of different authentication mechanisms including Kerberos or public key and you can also use a couple of other tools including scp to copy files back and forth between systems so you can download a file, edit it and check it works OK, (assuming you have a similar system to work on), and then upload it. I use yast for most stuff or edit files for the more difficult things. Rgds Andy On Thursday 31 July 2003 17:50, Armin Schoech wrote:
Hello !
My main question is if the Webmin is a good tool to do remote administration or are better tools ?
--> What about logging in via SSH as normal user and then "su" to root ? Then you have the same full control as if you were sitting in front of the box (except the possibility to press the power or reset button
:-).
If you use public key authentication and restrict the IPs that are allowed to connect to your SSH server, I think you are pretty secure.
Bye, Armin
Webmin implies running the webmin server, miniserv.pl and perl both of which are security holes in themselves. Also they need maintaining. I'd use SSH and yast/editing files for security considerations. Yast makes keeping a system patched quite easy now with the online update assuming your system is pretty minimal which is what most servers are, i.e. no X-server, KDE, etc. etc. Andy On Thursday 31 July 2003 16:37, João Reis wrote:
Hi again.
My main question is if the Webmin is a good tool to do remote administration or are better tools ?
On Thursday 31 Jul 2003 16:35, Arndt Faulhaber wrote:
Hi Joao,
Does anyone knows if the Webmin permits to do a administration of the systems securely ?
Jup, you can setup webmin to use https.
Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ?
Otherwise you can access it using ipsec... or restrict the IP address from which access is possible...
Cheers, Arndt
My install of Webmin installed so that my connection is: https://computer.domain:10000/ Does this not provide a secure connection? I realize that it does not limit others from connecting, but perhaps it is enough for João. - Paul On Thursday 31 July 2003 11:22, João Reis wrote:
Hi to all!
I am interested in creating a way to administer my company systems when iam away. I come across Webmin and i think it is a good way to administer systems when i am not in the company.
Does anyone knows if the Webmin permits to do a administration of the systems securely ?
Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ?
Thanks to all and sorry about my english.
João Reis -------------------------------------------------------
My 2 cents: Use it over https so all data transmitted is encrypted. Never over http. You can change the port for it too. It's not as secure as ssh+vi but it will do. However I suggest keeping webmin up2date. (in fact, keep the whole system ;-)). Some time ago there was a bad a$$ vulnerability found in it. Best regards, Sourian At 20:09 31.07.2003 -0400, you wrote:
My install of Webmin installed so that my connection is:
https://computer.domain:10000/
Does this not provide a secure connection?
I realize that it does not limit others from connecting, but perhaps it is enough for João.
- Paul
On Thursday 31 July 2003 11:22, João Reis wrote:
Hi to all!
I am interested in creating a way to administer my company systems when iam away. I come across Webmin and i think it is a good way to administer systems when i am not in the company.
Does anyone knows if the Webmin permits to do a administration of the systems securely ?
Example if i connect from home to my company to administer my systems with webmin is there any secyrity flaws or if it is not advisable ?
Thanks to all and sorry about my english.
João Reis -------------------------------------------------------
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (6)
-
Andy Bennett -
Armin Schoech -
Arndt Faulhaber -
João Reis -
Paul Kozlenko -
Sourian