Neil Bothwick wrote: > On Thu, 18 Dec 2008 00:13:28 +0200, Alan McKinnon wrote: > > >> But back onto your original question. Webmin is a problem that cannot >> be fixed. It needs to have root priviledges, the root password needs to >> go over the wire to the webmin http server, and to the best of my >> knowledge is not subject to routine security scrutiny. I would not >> trust it further than I can throw it, and that's not very far. >> > > To be fair, they do recommend that you run webmin over HTTPS if using it > over the Internet, but SSH does give the added benefit of key-based > authentication I used to use webmin and I found that it made me forgot how to do real things. However, it is nice on occasion. If you want to go secure yet run over the internet, only push ssh to your firewall, and connect to your server via pubkeys. Tunnel server:80 (or server:443) via ssh to your localhost and now you have webmin running through an ssh tunnel.
signature.asc
Description: OpenPGP digital signature
