![]() This could be stored in a database, in the filesystem or in memory. This would be a bit more inconvenience for the user, however in order to log in to Webmin, they first need to log in by SSH and generate a single use token by executing a script on the server. Require a single use token generated by SSH. The public key would then be authenticated as it is in SSH connections. Alternatively, the user could copy/paste the contents of their public key into the browser if the above method wouldn't be feasable. We would need to use some tricky Javascript (tricky for me anyway) that would allow the user to select their private key from their file system and, using the passphrase, generate the respective public key client-side and send it to the server along with their username. Make the user upload the public key to the server using the browser. Here are a couple of ideas I came up with how this could be accomplished. It would be nice if we could somehow make use of the public key authentication system already in place in order to authenticate users through Webmin/Virtualmin. Because of this, I usually have Webmin disabled and enable it only when I want to use it. I have a server running Webmin and Virtualmin, however one small gripe I have is that enabling an SSH server with public key authentication and disabling password authentication is essentially defeated by enabling Webmin since it only allows password authentication and provides many functions that a user could do to authenticate themselves with full SSH access (such as a file manager for basic users and editing the sshd_conf file for root).
0 Comments
Leave a Reply. |