remoting
remoting ssh:/
In order to use modseccfg with a remote server, the easiest option is to start it with a ssh: servername:
modseccfg vps:/
This obviously requires that you have an according Host entry in your
~/.ssh/config
with RSA key.
You can of course use a full hostname and user prefix:
modseccfg www-data@ssh.example.com:/
But if you don't have a key configured, the terminal would bring up the ssh password prompt quite frequently.
How does this work?
modseccfg internally starts sshfs
and binds the remote system to
~/mnt/sshname:/
. That mount will remain active while modseccfg is
running, and unmounted on exit. All *.conf file access and most log
scanning uses this filesystem mount point.
Other functions (concurrent audit log reading, or package installs) will open another ssh channel however.
Alternatives
In theory you could also use X11 forwarding, when modseccfg was installed on the server:
ssh vps -X modseccfg
In practice, this is unbearably slow. Python/Tkinter over SSH is no fun, but a fallback alternative.
So alternatively, you might want to install xpra:
xpra --start ssh:vps5 --start=modseccfg
That's much faster. But still requires both xpra and pip3 install modseccfg
on the server beforehand.
Pros & Cons
The sshfs-remoting might be slower on startup, as each Apache *.conf file has to be read individually. (And ssh/encryption does indeed have a performance price). But overall it's easier to use than installing modseccfg on the server.
Care should be taken that the ~/mnt/
point isn't accessed by other tools
(backup scripts) while modseccfg is running.
Alternatively you can change the mount point in File → Settings → Utils, of course.
There's also an sshfs_opts config option. Which you don't normally need however.