On Thu, August 14, 2014 11:26, John Plemons wrote:
If you are looking for another method for mySQL management, then webmin.com works too. Download the RPM package, ver. 1.700, it will allow you to do a great number of tasks remotely via the web.
I would advise that if you choose to use Webmin (and I do) then you should consider having it listen only on one IP address where more than one virtual IP is available. Further, the IP address and port (default is 10000) used by Webmin should be blocked by firewall settings to prevent direct access from the Internet. Instead you should use some form of tunnelling to establish a secure link to your LAN or to the host system itself. Even then you should only permit connections from known addresses from within your LAN.
You should also enable and require TLS (https) connections for Webmin as otherwise privileged user credentials are exposed. There are configuration choices available in Webmin to do this but these present a chicken and egg problem as the default setup uses plain http. If this is an issue then you can get around this by manually changing the following configuration settings in /etc/webmin/miniserv.conf using an editor over an ssh connection after installing but before using Webmin:
ssl=1 ssl_redirect=1 certfile=/etc/webmin/miniserv.pem # default set up with webmin install keyfile=/etc/webmin/miniserv.pem # default set up with webmin install
Or you can use a one-time set of credentials and change them immediately after setting Webmin to use https.
Regardless of how you set up Webmin's https access you also require this Perl module to get Webmin over https to work:
yum install perl-Net-SSLeay
For remote access the simplest tunnel I have discovered employs ssh and Firefox proxied to use SOCKSV on localhost port 2001 (127.0.0.1:2001).
Something like:
ssh -p 22 \ -o ServerAliveInterval=30 \ -o ServerAliveCountMax=10 \ user-id@internal.host.domain.tld \ -D 2001;
As a refinement I set up a specially configured sshd service that also listens on ports 80 and 443. This permits me to change the ssh port from 22 to 80 or 443 whenever a network provider decides that ssh is not part of their service (Hello Westin. . .)
If you are using PuTTY as the ssh client then you can do the same thing in the /Connection/SSH configuration by adding 2001 as a source port and selecting Dynamic as the destination type. You specify the ssh connection port in the Basic Options for the Session set up.
HTH