Securing remote root logins

First time Webmin user here (I love it though!).

My context is such that I must expose Webmin to the www in order to manage my stuff. I created a rule in iptables to restrict port 10000 to my ip, it works fine. But I have 2 questions:

  1. Do administrators commonly restrict port access to mac addresses? (latop, work, home, pda?)

  2. If I ban remote root logins, will I have to create a new user in webmin with root privs? … or does Webmin have a sudo’ish command to change into root administration mode?

Thanks in advance


For those who wish to restrict the Webmin port, most do it by IP address, I don’t hear of many doing that by MAC address.

You can also edit the root user in Webmin, and tie the root user to a specific IP address (ie, that means you could log in as root, but only from that one IP). I know when using Virtualmin, that it treats a user with sudo rights as a Master Admin. I suspect the same would be true for Webmin – though I’d suggest working out the kinks with that before disabling root :slight_smile:


Also, it does improve security to avoid all default configurations, including listening port if you’re the only user.

I have webmin/virtualmin on 7 servers and restrict access to a single ip address. If I need to manage anything remotely, I vpn into the network that has access and can manage the servers from there.