You can use a localhost Cockpit with SSH Port Forwarding.

> Configure Cockpit to listen only on loopback/127.0.0.1[1]:

    [Socket]
    # An empty ListenStream= removes the default 0.0.0.0:9090 bind, per the docs
    ListenStream=
    ListenStream=127.0.0.1:9090

> On your machine, run a port forward with SSH[2]:

    ssh -N -L 9090:127.0.0.1:9090 host@ip

> Then you can open localhost:9090 in your browser securely, using only SSH (that is already part of your actual workflow).

[1]: https://cockpit-project.org/guide/latest/listen

[2]: https://coder.com/docs/code-server/guide#port-forwarding-via...

reply
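A check that the loopback binding described in the comment above actually took effect, as an added example that is not part of the thread. The function names and the sample `ss` lines are constructed for illustration; on a real host the input comes from `ss -Hltn`.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ss -Hltn` output on stdin and
# prints every listener on PORT whose local address is not loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # $4 is Local Address:Port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)                # drop scope suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next
            print $4
        }'
}

# Succeeds only when no listener on PORT is reachable from other hosts.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample: default cockpit.socket (all addresses) next to sshd.
SAMPLE_DEFAULT='LISTEN 0 4096 *:9090 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: after the ListenStream=127.0.0.1:9090 drop-in.
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:9090 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

for name in SAMPLE_DEFAULT SAMPLE_LOOPBACK; do
    eval "data=\$$name"
    if printf '%s\n' "$data" | loopback_only 9090; then
        echo "$name: port 9090 is loopback-only"
    else
        echo "$name: port 9090 is exposed on: $(printf '%s\n' "$data" | exposed_listeners 9090)"
    fi
done

# On a real host: ss -Hltn | loopback_only 9090 || echo "Cockpit is exposed"
```

The check passes vacuously when nothing listens on the port at all, so pair it with a check that `cockpit.socket` is active.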
Yes but if there's going to be something lightweight and correct-by-default I'd prefer that, mostly because I have many machines to manage and a team of people to educate. I'd like default to be good instead of wasting time and risking.
reply
If you’re using libvirt, you can do a remote connection through ssh with virsh or Virtual Manager desktop app.
reply
I thought Cockpit uses PAM, so you can use other PAM modules to log in.
reply
Can you explain a bit more? The user passwords are inherently not strong enough so I disable all ssh via password and only use private keys (id_ed25519). If cockpit allowed me to use one I'd be ok, but if they don't – I at least want some scary auto-generated password only for cockpit, not the system user's one (which is often very weak).
reply
So bind Cockpit to 127.0.0.1 and use SSH port forwarding?

You could also have a more strict password policy but I don't know that I'd ever want to expose something like cockpit to the raw Internet.

reply
Yes but if there's going to be something lightweight and correct-by-default I'd prefer that, mostly because I have many machines to manage and a team of people to educate. I'd like default to be good instead of wasting time and risking.
reply