Shawn wrote:
While Webmin is a decent tool, but you should very carefully consider things before making it available to the general public via an External connection to the net. I believe most of the security problems have been resolved, but if someone happens to guess your password, they can do whatever they want to your server/network.
and the difference to guessing an SSH password would be ... ?
Granted, if they can get past your authentication you probably have bigger problems, but it doesn't make sense to give an attacker a nice pretty interface to wreak havoc with.
Webmin is a great tool, best used internally. On the other hand, if you can SSH into the network, and then run webmin, that would be a little more secure.
why?
Kin, I think the tool you're after is SSH by itself.- if you don't mind command line interface,
- if you already have or don't mind installing SSH client software at the remote client
(Sorry Niels - but I've just seen toooo many resources that say don't allow external access to webmin. But the last time I looked was over a year ago, so things may have changed since then)
I'd be interested in those resources ...
Maybe you're right, but I'd be interested, what might explain the popularity of default password attacks into numerous default user-ids (those required by various server software) via SSH (as observed/discussed on this list a few times)? As a result I have disabled SSH access to my servers. I personally don't like the idea that some server software I may install just might create a default userid/password combination, which I have to hunt down and change before someone else uses it.
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
