Webmin ROOT login fails, SSH works OK

4 posts / 0 new
Last post
#1 Fri, 12/15/2017 - 17:37
calderwood's picture

Webmin ROOT login fails, SSH works OK

I am running GPL on this server for 4 years, but a couple of days ago I lost the ability to login to the CP via Webmin using the ROOT user. I can still log in to individual servers via the Webmin with the server admin user. I still have full SSH root access. Also, I can login from my cell phone via the mobile webmin. I cannot login from any desktop or tablet, and have tried from multiple IP addresses and from different ISP accounts (comcast & verizon) but keep getting the message: Warning! Login failed. Please try again. then it locks out with Error - Access denied for XX.XX.XX.XX. The host has been blocked because of too many authentication failures. MiniServ.Error lists:

[15/Dec/2017:15:47:21 -0500] miniserv.pl started
[15/Dec/2017:15:47:21 -0500] IPv6 support enabled
[15/Dec/2017:15:47:21 -0500] Using MD5 module Digest::MD5
[15/Dec/2017:15:47:21 -0500] PAM authentication enabled
[15/Dec/2017:15:55:02 -0500] [xx.xx.xx.xx] /session_login.cgi : Access denied for xx.xx.xx.xx. The host has been blocked because of too many authentication failures.

denyhosts.allow has the IP address included. /etc/init.d/webmin restart clears the IP but you still can't login. I have tried setting the the WebMin panel with Authentication for failed login blocks to OFF, and the login still fails. Also, have tried on different computers at different physical locations. All fail every time, except the mobile connection.

Webmin version 1.870 Usermin version 1.720 Virtualmin version 6.02 Theme version Authentic Theme 19.04 Apache/2.2.15 (Unix) CentOS release 6.6 (Final)

Mon, 12/18/2017 - 11:39
calderwood's picture

I have found the cause of the problem. I was able to change the "authentic" theme to "Old Webmin" then log in through the regular login to WebMin, reset the theme to Authentic and it all started working again.

David Calderwood - Euro-Pacific Digital Media

Fri, 01/05/2018 - 11:01

We are seeing this bug as well but changing the theme did not resolve. In our situation, we have root logins only allowed from authorized list of IPs/subnets. It matches IPv4 IPs and subnets just fine but not IPv6. Only seems to affect our Debian 8 servers, our CentOS 6 servers are working as expected.

Wed, 04/11/2018 - 08:42

I'm having the same issue... but changing the theme didn't resolve this for me either.

Anyone found a fix?

Topic locked