Re: web interface for majordomo and how does majorcool adm screens looks like
"Daniel Hedley" <daniel @
Wed, 31 Jul 2002 15:59:59 +0100
web interface for majordomo and how does majorcool adm screens looks like
On Wed, 31 Jul 2002 14:38:22 +0100 Daniel Hedley
> I'd take issue with the "webmin insecure" ting.
> What I normally do is 1) change the port,
>changing the port is a help, but is an obscurity based approach and
won't defend you against a determined >hacker
It's better than not doing it.
> 2) use SSL
> and 3) restrict
> access to a particular range of Ips (the NAT router in our office and
> my home IP usually).
>IPs can be spoofed, and having your home IP listed is a potential
source of spoofing attacks.
>i'd suggest not listing your home IP as accessible, and tunneling
webmin inside ssh instead, so the >>connection appears to come from
Yep, good idea. I'll see if I can figure it out (or is there a HOWTO?)
> It's then perfectly secure, or at least as secure as anything is
> these days.
i'd be happier if it supported PKI or other public key based
authentication, as opposed to just a password. if you use ssh tunneling,
and set up RSA or DSA keys, you can accomplish this effect.
>and you do use a different password for your webmin installation than
you use for anything that might, >>>>>>intentionally or inadvertantly,
be transmitted in the clear, right?
Yep. Have different passwords for each thing on t'network, & one of
those thumbprint decrypter thingies off of thinkgeek.com. Works for me.
firstname.lastname@example.org Averill Park
email@example.com Unix, Linux, IP Network Engineering,