I need to secure Cockpit Access via ssh tunnel and block a password-supported root login in its web interface.
Referring to the Fedora docs under section 7 “Securing Cockpit Access”, could you step through what goes into <
host.example.com> and how to set up ssh tunnel?
ssh host.example.com -L 9090:host.example.com:9090
November 29, 2021, 10:36am
hostnameof your server.
to find out your server’s hostname, run
You may have to read the
man page for SSH to understand was the option
Which step in
https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/#_1_set_up_root_login_via_key_file causes problems when trying to setup key-authenticated ssh access to your server?
November 29, 2021, 1:56pm
You may also want to check out the many articles about cockpit usage on Fedora Linux found at Fedora Magazine.
Okay, I can comb through the essential steps in the Fedora Magazine. Very concise.
I was wrestling with this help doc, which is linked to the Help menu in Cockpit (aka Web Console).
Fair enough, I would go through the process for local port forwarding (-L option). When relevant to my use case, I should leave the final results here. Until then I’ll keep this open.
Port forwarding is better documented
Additionally, the ssh concept and topology helped find rationale and moving pieces to set up local port forwarding.
December 2, 2021, 8:52am
Personally, I prefer to secure Cockpit with TLS accessible remotely over VPN.
Okay, do you have the link to the suggestions?
My goal is to restrict Cockpit access just to my login and the computer that runs ssh authenticated without a password, and block access from other IPs. This can be achieved through rich rules in