Cockpit 290

Cockpit is the modern Linux admin interface. We release regularly.

Here are the release notes from Cockpit 290, cockpit-machines 288, and cockpit-podman 67:

webserver: Disallow direct URL logins with LoginTo=false

cockpit.conf has a LoginTo= option. This allows the admin to disable the login page’s “Connect to:” functionality for directly logging into a remote host through SSH. Setting it to false previously still left the possibility of a remote login through directly specifying an appropriate URL. With this Cockpit version, LoginTo=false disallows logins through remote URLs as well.

If cockpit-ws is exposed to the public internet, and also has access to a private internal network, it is recommended to explicitly set LoginTo=false. This prevents unauthenticated remote attackers from scanning the internal network for existing machines and open ports.

Machines: Indicate need for shutdown

The VM list and detail pages now display a “changes pending” status label to indicate that the VM needs to be shut down for recent configuration changes to take effect. Clicking the label lists the specific changes.

screenshot of indicate need for shutdown

Machines: Delete storage file when detaching disk

When detaching a disk from a VM, the underlying storage file can now be deleted as well.

Screenshot from 2023-04-18 15-13-08

Try it out

Cockpit 290 and cockpit-machines 288 are available now: