Cockpit is an easy and simple remote management software for Linux servers. It is now included in Debian 10 Buster.
It runs on several Linux distributions, including Debian, Ubuntu, Fedora, CentOS, RHEL and Arch Linux.
With Cockpit, you can manage multiple Linux servers via your web browser. Here is an simple setup to get started with Cockpit.
Installation is very simple:
apt install cockpit
Now open https://YOUR_SERVER:9090 with your Browser.
You should now be able to log in with any system user. (Include root!)
Cockpit uses firewalld to interact with the system’s firewall. But there is a litte bug in iptables Version 1.8.2.
You need to install Version 1.8.3 from debian backports first!
Edit ‘/etc/apt/sources.list’ add the following line:
deb http://deb.debian.org/debian buster-backports main
Now install the new iptables with:
apt update apt-get -t buster-backports install "iptables"
Now install firewalld:
apt install firewalld
After the installation Cockpit Web GUI becomes unavailable because it is now blocked by the firewall.
You can add it by port:
firewall-cmd --zone=public --add-port=9090/tcp --permanent
Or with the service name:
firewall-cmd --zone=public --add-service=cockpit --permanent
After any changes, reload firewalld:
You can see your settings with:
firewall-cmd --zone=public --list-all
public target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Now open your Browser again. You can now manage your firewall with cockpit:
Note: If you want to manage the firewall on other servers (see next step) you have to install firewalld on this servers, too.
Ensure that your user has ssh access to all machines and is in the sudoers group.
apt install sudo adduser sebastian sudo
Install packages on other systems. You need to install the ‘cockpit-bridge’. All other packages are optional, but you need ‘cockpit-system’ to see the system status.
apt install cockpit-bridge cockpit-system cockpit-networkmanager cockpit-packagekit
Now add the machines to your primary cockpit server:
Here is an example for update your system via cockpit. ‘cockpit-packagekit’ is required for this feature:
Note: If you want to manage docker or virtual machines on one of the servers, you may want to install ‘cockpit-docker’ or ‘cockpit-machines’.
Disable root login
Cockpit allows the root user to login using his password, even when sshd is configured to not permit root login.
Edit ‘/etc/pam.d/cockpit’ and add the following line:
auth requisite pam_succeed_if.so uid >= 1000
Now only users can login into Cockpit.
Install from backports
We already installed the latest iptables from debain backports. Debian currently install Version 188 of cockpit but 218 is the latest release (at this time).
apt-get -t buster-backports install "cockpit"
Install Version 217 on your system. It is up to you, whether you want to use a stable release or the one from the backports.