I need to secure Cockpit Access via ssh tunnel and block a password-supported root login in its web interface.
Referring to the Fedora docs under section 7 “Securing Cockpit Access”, could you step through what goes into <host.example.com> and how to set up ssh tunnel?
ssh host.example.com -L 9090:host.example.com:9090
hostnameof your server.
to find out your server’s hostname, run
You may have to read the man page for SSH to understand was the option
Which step in System Administration – Post Installation Tasks :: Fedora Docs causes problems when trying to setup key-authenticated ssh access to your server?
Hello @hankuoffroad ,
You may also want to check out the many articles about cockpit usage on Fedora Linux found at Fedora Magazine.
Okay, I can comb through the essential steps in the Fedora Magazine. Very concise.
I was wrestling with this help doc, which is linked to the Help menu in Cockpit (aka Web Console).
Fair enough, I would go through the process for local port forwarding (-L option). When relevant to my use case, I should leave the final results here. Until then I’ll keep this open.
Port forwarding is better documented here.
Additionally, the ssh concept and topology helped find rationale and moving pieces to set up local port forwarding.
Personally, I prefer to secure Cockpit with TLS accessible remotely over VPN.
Okay, do you have the link to the suggestions?
My goal is to restrict Cockpit access just to my login and the computer that runs ssh authenticated without a password, and block access from other IPs. This can be achieved through rich rules in firewallD.