VirtualMin / Webmin login via SSH keys?

Hi,

I am securing my servers and therefore added SSH key authentication:

  • Created public / private key
  • Added to server
    Works well, I can SSH in using the key.

I also disabled password authentication in sshd_config. So SSH access is secured.

But what about the Virtualmin login? The Virtualmin / Webmin login can still be hacked / brute-forced. Is there a way to also secure Virtualmin with an SSH key or something similar?

Thanks!

Use fail2ban to watch your Webmin/Usermin and ban an IP after X failed attempts. Usually people set the ban duration to 24-48 hours after 3 failed attempts. That is enough to slow anyone down to the point where it is not worth trying, and if you are using long passwords (16-20 characters) then it is really hard for anyone to brute-force your control panel.
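As an added example (not part of the reply above, and not something the poster supplied), here is what the setup described there looks like as a fail2ban jail. It assumes a Debian/Ubuntu layout where Webmin's failed logins reach /var/log/auth.log, that fail2ban's stock webmin-auth filter (/etc/fail2ban/filter.d/webmin-auth.conf) is present, and that Webmin has been told to log authentication failures to syslog (Webmin Configuration > Authentication); the ignoreip address is a placeholder for your own management host.

```ini
; Added example, not from the thread: /etc/fail2ban/jail.local
; Local overrides live here so that package upgrades of jail.conf
; do not wipe them out.
;
; Assumptions (see lead-in): fail2ban's stock webmin-auth filter is
; installed, and Webmin logs failed logins to syslog so that lines like
;   Oct  3 10:15:02 host webmin[1234]: Invalid login as root from 198.51.100.7
; (constructed sample, RFC 5737 address) land in /var/log/auth.log.

[DEFAULT]
; Never ban your own management address or the ban can lock you out
; of both SSH and Webmin at once. 192.0.2.10 is a placeholder.
ignoreip = 127.0.0.1/8 ::1 192.0.2.10

[webmin-auth]
enabled  = true
; Webmin's default port; the ban rule is scoped to it.
port     = 10000
filter   = webmin-auth
logpath  = /var/log/auth.log
; Three failed logins from one IP ...
maxretry = 3
; ... within a 10-minute window (seconds) ...
findtime = 600
; ... earn a 24-hour ban (seconds). Use 172800 for 48 hours.
bantime  = 86400
```

After saving, reload with `fail2ban-client reload` (or restart the service), then `fail2ban-client status webmin-auth` lists the currently banned addresses, and `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/webmin-auth.conf` shows whether the filter actually matches the lines your Webmin writes. If Webmin's syslog logging of failed logins is switched off, the jail matches nothing and provides no protection, so check that counter before trusting it. Usermin listens on port 20000; if it logs failures in the same format (an assumption worth checking with fail2ban-regex first), a sibling jail with port 20000 covers it too.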

Awesome, thanks! I have now enabled fail2ban, but it only shows up under Unused Modules in Webmin. Is that a known bug or something?

I know it is running because grepping for fail2ban shows a running process.

Also, where can I configure the settings for the number of attempts and the ban duration in hours?

Thanks!

It would be best to check with the fail2ban community for more information. It is actually not hard at all to use, but I would suggest reading and learning at least some basics, or you could ban everyone including yourself. Once you have the basic knowledge, setting up fail2ban is just a question of minutes.

Ok! Will do that, thanks!

Still, the question remains why it shows up under Unused Modules. I don't think the fail2ban docs/community will solve that, will they?

It seems like Webmin thinks it is disabled, but it is actually running.

Well, if you installed it manually I'm not sure why Wmin can't see it. On CentOS 6 and 7 you can install fail2ban from Wmin (Unused Modules) and it will show under your Network (Wmin) category.

If you are on CentOS, try "service fail2ban status" and see what you get.

This is what I get:

service fail2ban status

  • Status of authentication failure monitor
  • fail2ban is running

I installed it manually, so maybe that's the problem?

When I go to Wmin > Unused Modules > Fail2Ban Intrusion Detector, it shows all the configuration and a button to stop the service.

To me it seems like it is running, but it still shows up under Unused Modules. Also, under System > Bootup and Shutdown it shows Yes for both "Start at boot" and "Running now".

I'm not on CentOS btw, it's Ubuntu.