How do I make webmin secure? [closed]
Solution 1:
Securing it really depends on how it's being served. But by default it comes with it's own web server. /etc/webmin/miniserv.conf has allow and deny directives. So you can use this to only allow access from the localhost.
Then as you say just ssh in using port tunneling to access it. At that point in theory it would be as secure as your ssh setup is. If someone gains ssh access to your server then you already have issues.
Solution 2:
How I secured mine:
- Create a Webmin only user with a unique password. Delete all other webmin users
- Change the default port
- Limit access via IP addresses at both the firewall and the webmin panel
Solution 3:
Probably the easiest way to achieve this is to use mod_access to control access to the directory tree that Webmin lives in. Here is a quickstart page on the subject. Here is a second option.