There are two primary methods available to remotely manage and administer a Red Hat Enterprise Linux (RHEL) system: the command line interface over an SSH connection and the RHEL web console. The web console provides a web-based graphical interface for managing and monitoring systems that can be used to complete a wide variety of tasks, such as managing storage, users and the firewall, monitoring performance metrics, reviewing log files, installing system updates and more. For more information about the web console, see the Managing systems using the RHEL 9 web console documentation.

If you are using the web console in your environment, it is important that you properly configure it to meet your organization's security requirements.

The RHEL web console is based on the upstream Cockpit project. Within RHEL, the RPM packages and other components use the Cockpit name, so you will see the names web console and Cockpit used interchangeably.

There are two main methods to access the web console:

- Web console access methods that utilize an SSH connection.
- Running the Cockpit web server on each RHEL host, and connecting over an HTTPS connection (which defaults to port 9090).

There are disadvantages of running the Cockpit web server on every host. One concern is that every open port on a system increases the attack surface. Also, the web console uses self-signed certificates by default, which can lead to man-in-the-middle attacks. Of course the web console also supports using signed TLS certificates, but this increases the time and effort needed to implement and maintain the web console. Based on these considerations, access methods that utilize an SSH connection are preferred.

This article focuses on the access methods that utilize an SSH connection. A future article will focus on running the Cockpit web server on each RHEL host.

There are several ways to access the web console over an SSH connection:

- Running the Cockpit web server on a single bastion host, and using it to connect over SSH to remote RHEL hosts.
- Red Hat Satellite integration with the web console that utilizes Satellite remote execution SSH keys/infrastructure.
- The Cockpit Client Flatpak application that can be run on Linux workstations, which uses SSH connections to connect to the web console on remote hosts (note that Red Hat does not provide support for the Cockpit Client Flatpak).

With these methods, the remote hosts on which you are accessing the web console do not need to be running the Cockpit web server, do not need any open ports in firewalls other than the SSH port, and TLS certificates do not need to be configured.

Another advantage of using SSH connections is that most environments already have SSH running and configured, and most organizations already have firewall / network communications configured to allow SSH traffic.

Due to these advantages, it is recommended to use one of the methods that connects to the web console over SSH rather than running the Cockpit web server on each host.

With the bastion host method, you start by installing and enabling the Cockpit web server on a single bastion host. In this example, my bastion host is running RHEL 9.
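One way to check that a managed host exposes only SSH, as the SSH-based access methods above allow. This is an added example, not code from the original article or from the Cockpit project; the function names are hypothetical, and it assumes SSH listens on port 22 and that the input was collected on the managed host with `ss -H -tln`.

```python
import ipaddress

# Constructed sample: `ss -H -tln` output from a managed (non-bastion) RHEL host
# where the Cockpit web server socket was left enabled on port 9090.
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
LISTEN 0      4096               *:9090            *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096           [::1]:631          [::]:*
"""

def split_hostport(local):
    """Split the ss 'Local Address:Port' field; handles [v6]:port and *:port."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)

def is_loopback(host):
    """True only for addresses that are reachable from the local host alone."""
    if host == "*":
        return False
    host = host.split("%", 1)[0]  # drop an interface scope such as %lo
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat it as exposed

def unexpected_listeners(ss_output, allowed_ports=frozenset({22})):
    """Return sorted (address, port) pairs listening off-loopback on a
    port outside allowed_ports (assumption: SSH on 22)."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            host, port = split_hostport(fields[3])
        except ValueError:
            continue  # not an address:port field, skip the line
        if port not in allowed_ports and not is_loopback(host):
            findings.add((host, port))
    return sorted(findings)

if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {host}:{port}")
```

On the bastion host itself, pass `allowed_ports={22, 9090}`, since that is the one host expected to run the Cockpit web server.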