Best practice to secure Cockpit Web Interface

Hello Friends

When managing a server remotely using SSH, my understanding is the best practice is to use SSH keys. This way, you can be less concerned about your system username and password.

If you use Cockpit to manage a server remotely, you are basically putting an open port that is just protected by your system username and password. This does not seem to be the best practice to me, as it seems to be like using SSH without keys.

What would be the recommended best practice to manage a server remotely with Cockpit?

I was thinking of putting Cockpit behind a reverse proxy (Apache or Nginx) and using their basic authentication with a strong password saved to a password manager. But then what do I know, this may be a dumb idea.

Thank you for your input

Make sure only HTTPS access to Cockpit with a long random password is used. Should be good for most use cases. Use Fleet Commander Cockpit plugin for managing multiple desktop machines. Also, only allow connections from known IPs.
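
One way to apply the "only allow connections from known IPs" advice from the reply above, as an added example that is not part of the thread. It assumes the server runs firewalld with its predefined `cockpit` service (TCP 9090); the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit firewalld commands that limit Cockpit to known source addresses.
# Assumes firewalld and its predefined "cockpit" service (TCP 9090) in the default zone;
# add --zone=<zone> to each command if the interface lives in another zone.

# Build the rich rule for one source; reject anything that is not a plain IP or CIDR
# so the generated commands are safe to run after review.
cockpit_rule() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:/]*) echo "invalid source: $1" >&2; return 1 ;;
        *:*) fam=ipv6 ;;
        *)   fam=ipv4 ;;
    esac
    printf 'rule family="%s" source address="%s" service name="cockpit" accept' "$fam" "$1"
}

# Print the full command sequence for the given allowlist.
cockpit_allowlist_commands() {
    [ "$#" -gt 0 ] || { echo "refusing to emit rules for an empty allowlist" >&2; return 1; }
    # Validate every source first so a bad entry produces no partial output.
    for src in "$@"; do cockpit_rule "$src" >/dev/null || return 1; done
    # Drop the blanket "anyone may reach 9090" rule ...
    echo "firewall-cmd --permanent --remove-service=cockpit"
    # ... and admit each known address explicitly.
    for src in "$@"; do
        echo "firewall-cmd --permanent --add-rich-rule='$(cockpit_rule "$src")'"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample addresses from the RFC 5737 documentation ranges.
cockpit_allowlist_commands 203.0.113.10/32 198.51.100.0/28
```

Review the printed commands and run them as root from a session that will not be cut off by the change, then confirm with `firewall-cmd --list-all` that `cockpit` is no longer listed under services and the rich rules are present.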