On Wednesday 17 December 2008, 23:13, Alan McKinnon wrote: > But back onto your original question. Webmin is a problem that cannot > be fixed. It needs to have root priviledges, the root password needs > to go over the wire to the webmin http server,
True, although all the webmin installations I've seen run on https. > and to the best of my knowledge is not subject to routine security > scrutiny. I would not trust it further than I can throw it, and that's > not very far. > > So, someone who insists on using it deserves to have their machines > pwned, lose their data, be blacklisted for being a zombie bot and have > their kittens eaten. Rather than appease your friend's reluctance to > use anything other than a GUI, you should batter some sense into his > skull. Tell him I say it is highly unlikely that he knows more about > how to do this job than the 1000s of Unix admins who have been doing > it for almost 40 years. He really, really, wants ssh. Agreed. (and, btw, you can just use ssh port forwarding and run webmin over that without exposing webmin directly on the Internet, if you really want it)
