This is a static archive of the old Zorin Forum.

The information below may be outdated. Visit the new Zorin Forum here ›

If you have registered on the old forum, you will need to create an account on the new forum.

Remote access to server

ozstar

Tue Jan 14, 2020 11:11:26 am

Is there a way I can access the server remotely for admin access ?

This looks interesting.. anyone using it ? Is it okay for Zorin 15?

http://www.webmin.com/

Thanks

Swarfendor437

Tue Jan 14, 2020 9:42:45 pm

ozstar

Wed Jan 15, 2020 11:23:37 am

Thank you Swarfendor437.

I took a look but decided on Webmin and it sure gives a lot of help in a nice GUI way.
I can access it via localhost:10000 but now want to get it remotely from outside the LAN.

I have been advised that I should be careful and best to setup a SSH Tunnel.

Unfortunately at my Linux level its like building a ship to Mars !

The proper way would be to, instead, set up an SSH tunnel between your remote system and your actual system with Webmin on it, and NOT EXPOSE webmin to the Internet directly.

There are a number of evils in webmin which allow for limitless bruteforcing of the webmin interface with it exposed right to the 'net which makes webmin bad to expose direct to the Internet.

UNDER NO CIRCUMSTANCES should you have Webmin directly accessible on the Internet because of the security risk to you, your data, and your network. Strongly consider an SSH tunnel via SSH Key Auth and opening the SSH port instead and route traffic over the SSH tunnel to reach webmin instead.


I see this tutor. Does this seem easy and correct?

https://ubuntuforums.org/showthread.php?t=902762

Swarfendor437

Wed Jan 15, 2020 1:10:29 pm

OK, I would follow the tutorial but choose a different port and ensure that the port is excluded from denial in GUFW. If Joe Hacker knows the ports used by Open-SSH as standard they could probe that port so make an obscure port number but within the range that webmin offers. The issue with Obmin is that it was not secure but I was only wanting access from my phone. ;) :D

ozstar

Thu Jan 16, 2020 9:38:55 pm

Thank you.
I will give that a go as soon as I can.
I was able to get to Webmin from the net by opening the FF to the port I have assigned in Webmin and port Fwding so need to make it safer now.
Snails pace but moving forward....

ozstar

Fri Jan 17, 2020 12:18:06 am

I got an answer back from the Webmin forum to my question how to make Webmin safer.

This is what he said. What say you?

There are few ways.

You could put it behind Apache proxy (a manual avaialble online everywhere), then set httpd-password for accessing directory under which Webmin is opened (webprefix), watching Apache logs for failed attepmts on this directory and blocking IP with failed attepmts. (could be interested in CSF - ConfigServer Security and Firewall - supported by theme fully.)

You could also enable blocking hosts with failed login under Webmin Configuration/Authentication.

Besides, you could prevent anyone but certain IPs connecting to Webmin using Webmin Configuration/IP Access Control

Swarfendor437

Fri Jan 17, 2020 1:39:07 pm

I would see if there are any reviews and setups by others to be sure. ;) :D