LDAP authentication or WHM behind a VPN

[Vliegtuig]

Hi everyone,

I am currently in the process of figuring out a secure, but convienent way to protect the WHM interface of our server. We do not permit any clients to access WHM; Cpanel is also not a requirement although some clients could benefit from Cpanel access.

(FYI: we are webdevelopment company and we are not keen on giving access to our clients due to security concerns).

The actual question:

I want to restrict access to the WHM interface (and possibly SSH as well) withouth using IP-restrictions. Although IP-restrictions can add an extra layer of security, I do not believe it to be very failsafe.

I am currently thinking of 2 possible solutions:

1. Connect the entire server to our company VPN and make WHM available on a local IP only
2. Authenticate to VPN using LDAP

The first solution seems to be the most secure, but I am wondering if any of you have done this before and if there are certain things to keep in mind.

I'd love to hear your thoughts on the subject.

[d_t]

[buy &] Install a SSL certificate in cPanel/WHM and configure redirection to https. Use cPHulk or a firewall like csf to block IPs that try to break password.

This is not the best way because password can be stolen - but I think is secure enough. cPanel does not accept certificate based authentication.