[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Webmin security

To: armin.schoech@xxxxxx, suse-security@xxxxxxxx
Subject: Re: [suse-security] Webmin security
From: Andy Bennett <andy@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 31 Jul 2003 19:28:44 +0100
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Thu, 31 Jul 2003 19:34:41 +0200
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.44.0307311648310.8867-100000@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <Pine.LNX.4.44.0307311648310.8867-100000@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: andy@xxxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.4.3

Or just login via SSH as root but restrict access to your own external IP 
address if it's fixed. It's also possible to do reverse mapping so that the 
IP address can be checked against the host name but, again, this really 
implies a fixed IP address.

SSH uses a different method of login so isn't affected by the login 
restrictions that login has, i.e. you can comment out login in 
/etc/inetd.conf

There are a couple of different authentication mechanisms including Kerberos 
or public key and you can also use a couple of other tools including scp to 
copy files back and forth between systems so you can download a file, edit it 
and check it works OK, (assuming you have a similar system to work on), and 
then upload it.

I use yast for most stuff or edit files for the more difficult things.

Rgds
Andy

On Thursday 31 July 2003 17:50, Armin Schoech wrote:
> Hello !
>
> > My main question is if the Webmin is a good tool to do remote
> > administration or are better tools ?
>
> --> What about logging in via SSH as normal user and then "su" to root
> ? Then you have the same full control as if you were sitting in front
> of the box (except the possibility to press the power or reset button
>
> :-).
>
> If you use public key authentication and restrict the IPs that are
> allowed to connect to your SSH server, I think you are pretty secure.
>
> Bye,
> Armin

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

References:
- Re: [suse-security] Webmin security
  - From: Armin Schoech

Prev by Date: [suse-security] SuSE Security Announcement: wuftpd (SuSE-SA:2003:032)
Next by Date: Re: [suse-security] Webmin security
Previous by thread: Re: [suse-security] Webmin security
Next by thread: Re: [suse-security] Webmin security
Index(es):
- Date
- Thread