Use case: Arnold is a responsible network administrator who does not wish to open up the often-exploited phpmyadmin to the outside world, or even to the curious sort on his internal network.
Susan needs to use Webmin to manage one of her servers remotely. Of course, since Susan is responsible, the Webmin is not accessible to the outside world.
There is a simple way to make this all happen, and that is what this tutorial is all about. We only need to do two things:
- Block access to the service from outside the server (be it phpmyadmin, webmin, or any other service...)
- Make some way to access the service remotely and securely.
Note about this tutorial: We assume you are using Linux as your server and Apache as your webserver. This should cover most of the users reading this. If not, shoot me an email and I can help you out.
Blocking Access
This part is fairly simple, depending on the service. You basically need to block access from everywhere but localhost. For Webmin, simply go to Webmin -> Webmin Configuration -> IP Access Control. Select the "Only allow from listed addresses" option and type:
127.0.0.1 127.0.1.1
Into the box below and click save.
For phpmyadmin you need to edit the Apache configuration directly. All you need to do is edit the phpmyadmin configuration file and add this to the bottom:
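A localhost-only rule of the kind this step calls for, as an added example rather than the original page's listing. It assumes the /usr/share/phpmyadmin path mentioned in the tutorial; the IfModule split for Apache 2.2 and 2.4 syntax goes beyond what the page covers.

```apache
# Added example, not the original page's listing. Assumes the phpMyAdmin
# files live in /usr/share/phpmyadmin, as the tutorial states for Ubuntu.
<Directory /usr/share/phpmyadmin>
    # Apache 2.4 and later (mod_authz_core present)
    <IfModule mod_authz_core.c>
        # "local" matches 127.0.0.0/8, ::1, and connections whose client
        # and server address are the same, i.e. requests the server makes
        # to itself, which is what an SSH tunnel to the server's own
        # address produces.
        Require local
    </IfModule>

    # Apache 2.2 (no mod_authz_core)
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        # Loopback only. If the tunnel destination is the server's public
        # host name, the request arrives from the server's own public
        # address; add that address on its own "Allow from" line.
        Allow from 127.0.0.0/8
        Allow from ::1
    </IfModule>
</Directory>
```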
Make sure that /usr/share/phpmyadmin is really where your phpmyadmin files are. This is the default for Ubuntu. The configuration file is at /etc/apache2/conf.d/phpmyadmin.conf on Ubuntu. Make sure to restart Apache for the change to take effect.
WARNING: I think it goes without saying, but I will say it anyways: Don't try and do this tutorial if you don't have SSH installed on the machine. Especially for the Webmin side, if you make the changes from a remote machine, you will effectively lock yourself out of your server if you don't have physical access to it.
Once you have done the previous steps, try getting to the service from a remote computer. If remote access is denied, success! You get to move on. If not, make sure you followed all the steps and restarted the service. If you still need help, let me know.
Accessing
Now we get to the fun easy part. All you need to do is open up a terminal and type:
ssh -L localport:example.com:remoteport user@example.com
That's a bit of a keyboardfull, so let me give you an example and then break it down for you:
ssh -L 8080:example.com:80 admin@example.com
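This means I'm logging into the server at example.com with the user admin. With the "-L" switch I'm forwarding port 8080 on my local machine to example.com:80. The destination (example.com:80) is resolved and connected to by the SSH server on the remote end, not by my local machine, so the service sees the connection as coming from the server itself. This means that when I access 8080 on my local machine, I'm actually accessing port 80 on the remote machine, all the while being moved securely through ssh. It's crazy bananas.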
Say you had webmin running on a server at webmin.myisd.edu (on port 10000 by default). You would run:
ssh -L 8080:webmin.myisd.edu:10000 user@webmin.myisd.edu
Now just direct your web browser to https://localhost:8080/ and your lovely webmin which was quite unreachable just seconds ago will now pop up. (For phpmyadmin you would have to use port 80 instead of port 10000 and go to http://localhost:8080/phpmyadmin/ instead.)
As a quick aside, you do not have to pick port 8080. It just looks like a nice number. You can choose any port you like; however, if you are not root you have to choose one above 1024. Just make sure the port you pick is not already used by a service on your machine and that the port matches in the ssh command and the URL.
And that is it for this fairly short tutorial. As one last comment, if you are on a remote Windows machine, we all know that you will usually use PuTTY for ssh access. It too can forward ports and this tutorial will show you how to do that. That's it for now! As always, if you need any help don't hesitate to contact me.