Submitted by lvsys on Fri, 07/16/2010 - 02:36
Hello,
I purchased a license of cloudmin because we're now managing multiple virtualmin PRO servers; thinking that you would support ubuntu 10.04 LTS because the documentation didn't specify otherwise.
.... then of course, installed a ubuntu 10 virtual machine... and the install fails because it won't install webmin.
Can I install virtualmin GPL on the machine prior to installing cloudmin, will this cause problems?
Thanks
Status:
Closed (fixed)
Comments
Submitted by lvsys on Fri, 07/16/2010 - 02:52 Comment #1
Actually, I just got the install working by reverting the VM to the clean state prior to installing cloud min.
then I installed webmin following the instruction from this post: http://www.kelvinwong.ca/2010/05/22/installing-webmin-on-ubuntu-server-1...
and then I installed the debian-ubuntu version of the cloudmin script and all went much better
Am I going to run into trouble by installing it this way?
Submitted by JamieCameron on Fri, 07/16/2010 - 06:50 Comment #2
No, that should work fine. What error did you get when originally installing Webmin though?
Submitted by lvsys on Fri, 07/16/2010 - 09:56 Comment #3
I was getting an error about webmin-server (or something like this) that could not get installed because of missing dependencies. And then, I quickly changed directions because I wanted to get this thing working.
But even with the cloudmin system running now, I am having a real hard time getting it to add physical servers (each running virtualmin). It won't login via SSH or webmin which are both installed on the 2 physical servers.
SSH tells me "warning.. something something... adding key .... permission denied"
Webmin Login just says it couldn't connect.
Once I get to the office, I'll copy the exact error messages I am getting. I know this doesn't help much right now. I really want this to work because one system uses Citrix Xen Server and I'd really like to manage it with cloudmin.
MD
Submitted by JamieCameron on Fri, 07/16/2010 - 10:28 Comment #4
Does the remote system you are trying to add allow root SSH logins? From that error it looks like either root is disallowed, or the key or password Cloudmin is trying to use are wrong.
Submitted by lvsys on Fri, 07/16/2010 - 10:32 Comment #5
No ubuntu does not allow root login, only a user setup on the system, for example "bob" can login. Could this be a problem?
Submitted by JamieCameron on Fri, 07/16/2010 - 10:39 Comment #6
Yes, that would be an issue - Cloudmin doesn't work with sudo currently, as that breaks root scp. I forget exactly how Ubuntu 10.04 disables root access though.
in /etc/ssh/sshd_conf is set
PermitRootLogin no
by logging into shell, run "sudo passwd" to set a password for root.
In Ubuntu root has no password by default.
Submitted by lvsys on Fri, 07/16/2010 - 14:55 Comment #8
Thanks guys for the input... I really appreciate it.
but see... now this is a problem. The attractive feature of ubuntu is that root cannot login ; making the system not more secure but more safe to use from the command line.
Enabling the root account would then cause a problem, especially since the web interface of cloudmin shows the passwords in clear on the 'add physical server' interface. That alone sends chills down my spine ; I can't have a web interface show root passwords of my production system in clear.
Any way I can avoid using root passwords? --- I don't mind enabling a root account in order to do that.
MD
that root can not log in by default is so that ms windows users wont make silly mistakes (who are the biggest users base for ubuntu) until they know how to use root.
Actually root can login but the root password is not known to the user so root becomes unavailable.
The part to worry about is that a user can sudo and set a new password for root. How safe is that?
cloudmin doesnt show the root password, per haps it does only in your browser, which is then only visible to you.
However you can make an account for a user and give it all rights to make it 'root'. You can do that under Webmin - Webmin - Webmin Users
Submitted by lvsys on Fri, 07/16/2010 - 16:53 Comment #10
Ok, good points. Let me give it a second shot
MD
Submitted by lvsys on Fri, 07/16/2010 - 18:49 Comment #11
Ok, BIG PROBLEM... the root password of the newly registered virtualmin system shows in clear on the web browser. I am using google chrome.
I've successfully added a physical server to the cloudmin instance. Then, when I click on "Edit System" way at the top, it shows my root password in clear... I am not alone in the office when I work on the servers, and when several of us are troubleshooting settings, I don't want guys to see the root passwords.
... .this is definitely a problem...
MD
Submitted by JamieCameron on Fri, 07/16/2010 - 19:21 Comment #12
The root password is in a collapsible section that is hidden by default though, right?
Or are you concerned that other Cloudmin users will be able to copy the root password for your systems?
Submitted by lvsys on Fri, 07/16/2010 - 19:31 Comment #13
yes, it is hidden by a collapsible section, but I am concerned that it's visible by navigating the site because by being displayed in a clear box, the browser remember its value in clear in its intellisense ; and it offers it as an auto-fill option when I create another virtual min server.
That's just bad practice and quite worrysome. I understand that if somebody gets unauthorized access to my cloudmin, I am already in big trouble, but that doesn't mean that this somebody should see my root passwords.
Why isn't it a password field?
MD
Submitted by JamieCameron on Fri, 07/16/2010 - 20:04 Comment #14
I guess the only reason it isn't a password field is that in some cases the admin does want to see the password Cloudmin is logging in with. However, I will change that in the next release, as you are correct that protection from prying eyes is more important..
Submitted by lvsys on Sat, 07/17/2010 - 01:14 Comment #15
Thank you. I appreciate your responsiveness very much.
Can cloudmin be installed on a system that also runs a virtualmin in production, or is that just a bad idea?
Submitted by JamieCameron on Sat, 07/17/2010 - 05:35 Comment #16
Actually that will work fine, and is fully supported.
A better option would be to be able to hide the field Authentication options under Edit System all together.
I need to see the password as I maintain the VPS'ses myself.
Or be able to create a webmin user and have an option to disable the field Authentication options.
Submitted by lvsys on Sun, 07/18/2010 - 00:28 Comment #18
you could also maintain a separate (encrypted) file on your computer with all the passwords.... That's what we do ; it's manual, but it works well ; and is more secure in my opinion.. also, I know it's a question of preference
Submitted by lvsys on Sun, 07/18/2010 - 00:26 Comment #19