Cockpit access via ssh and setup a tunnel

I need to secure Cockpit Access via ssh tunnel and block a password-supported root login in its web interface.

Referring to the Fedora docs under section 7 “Securing Cockpit Access”, could you step through what goes into <host.example.com> and how to set up ssh tunnel?

ssh host.example.com -L 9090:host.example.com:9090

https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/

1 Like

the hostnameof your server.
to find out your server’s hostname, run hostnamectl

You may have to read the man page for SSH to understand was the option -Ldoes…

Which step in https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/#_1_set_up_root_login_via_key_file causes problems when trying to setup key-authenticated ssh access to your server?

1 Like

Hello @hankuoffroad ,
You may also want to check out the many articles about cockpit usage on Fedora Linux found at Fedora Magazine.

2 Likes

Okay, I can comb through the essential steps in the Fedora Magazine. Very concise.

I was wrestling with this help doc, which is linked to the Help menu in Cockpit (aka Web Console).

Fair enough, I would go through the process for local port forwarding (-L option). When relevant to my use case, I should leave the final results here. Until then I’ll keep this open.
Thanks.

Port forwarding is better documented here.

Additionally, the ssh concept and topology helped find rationale and moving pieces to set up local port forwarding.

1 Like

Personally, I prefer to secure Cockpit with TLS accessible remotely over VPN.

Okay, do you have the link to the suggestions?

My goal is to restrict Cockpit access just to my login and the computer that runs ssh authenticated without a password, and block access from other IPs. This can be achieved through rich rules in firewallD.

1 Like