This is a bit of a brainstorm idea, but for securing an SSH server, a couple of basic recommendations are to disable direct root logins and enable public key authentication. However, if Virtualmin is installed on the server, users (and root) can still log into it using regular passwords. An idea I had would be SSH validation, which would require users to first log in to SSH and execute a token-generating script, which would provide them with a login token to be used to validate the user in Virtualmin instead of a password.
Of course, this would only work if the following conditions are met:
The specific user has SSH access (and is not limited to SFTP by some chroot environment)
Public key authentication is enabled and password authentication is disabled for SSH (or else there is little to no security benefit)
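The token flow sketched in this post, as an added example that is not code from the thread or from Virtualmin: an in-memory dict stands in for whatever store the real integration would use, and the five-minute lifetime is an assumption. The token is single-use, stored only as a hash, and compared in constant time.

```python
"""One-time login tokens issued over SSH and checked by the web login (illustrative)."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL = 300  # seconds a token stays valid; assumed value for this example


def _digest(token: str) -> str:
    # Keep only a hash in the store, so a leaked store yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(store: dict, username: str, now: Optional[float] = None) -> str:
    """Step 1, run by the user after an SSH (public key) login.

    Returns the token the user pastes into the Virtualmin login form.
    Any earlier token for the same user is replaced.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[username] = {"hash": _digest(token), "expires": now + TOKEN_TTL}
    return token


def validate_token(store: dict, username: str, presented: str,
                   now: Optional[float] = None) -> bool:
    """Step 2, called by the login handler in place of a password check.

    The entry is removed whether or not validation succeeds, so a token can be
    tried exactly once; expired entries are rejected without comparison.
    """
    now = time.time() if now is None else now
    entry = store.pop(username, None)
    if entry is None or now > entry["expires"]:
        return False
    return hmac.compare_digest(entry["hash"], _digest(presented))


if __name__ == "__main__":
    tokens = {}  # constructed in-memory store for the demo
    t = issue_token(tokens, "alice")
    print("issued:", t)
    print("first use:", validate_token(tokens, "alice", t))   # True
    print("second use:", validate_token(tokens, "alice", t))  # False, single use
```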
+1, would really like to hear more about such improvements.
I’d already disabled direct root SSH access and changed the default ports of Virtualmin & SSH, but as you’ve already said, it isn’t enough; root still has password access via Virtualmin…
I don’t think it should be a hack, imo, it should be a core feature.
There are no workarounds that I know of since, according to the comments of the second link above, it’s based on a Perl module that is very integrated into other areas of Webmin that is either broken or has changed in recent releases and can’t be easily modified. If it’s a show stopper for you, stick with CentOS. If not, you can always just keep Webmin disabled and start it up only when you want to using:
/etc/init.d/webmin start|stop
Personally, I manage almost everything by SSH anyway.
I haven’t contacted them, and I’m not sure if jcameron did either.
And the site I linked to says that you have to individually set which users you want to use PAM authentication for, so you can enable it only for the root user.