I have an Ubuntu server in my apartment and I just got a printer, so it's time to share! In the past I've used CUPS on my Desktop and I'd just point the browsers to localhost:631 to set things up. Can I used the web based admin tools remotely? I've been playing with the /etc/cups/cupsd.conf file and am currently at the point where I can direct a browser on my LAN to server-ip:631 but I'm getting the 403 Forbidden error. If it's not possible or it's a bad idea for security reasons to allow remote administrator of CUPS, would it be possible to accomplish this using an SSH tunnel to the sever?
65.3k 41 41 gold badges 196 196 silver badges 219 219 bronze badges asked Jan 29, 2011 at 21:37 3,735 5 5 gold badges 29 29 silver badges 24 24 bronze badgesI found this way to be simpler.
# cupsctl --remote-admin --remote-any --share-printers It will update the /etc/cups/cupsd.conf file and restart cups for you, saving a backup of the previous configuration in the same folder.
It's the similar to the method presented in the official CUPS guide to printer sharing. I found the options --remote-admin in man cupsctl .
195 8 8 bronze badges answered Oct 4, 2014 at 11:52 1,089 1 1 gold badge 9 9 silver badges 7 7 bronze badgesIt's sad to see many people browsing/referencing distribution-specific docs, blogs, and other sources rather than CUPS online help. :/
Commented Oct 4, 2014 at 11:54 Always use the recommended way first! They made the software! Commented Jul 27, 2015 at 20:45That's probably because they don't know what questions to ask; often, to use documentation, you either need to know exactly what you're looking for, or read the entire manual - not fun, and takes way too long. We also don't want to be CUPS experts, we just want to know how to flip one little switch.
Commented Jun 1, 2017 at 18:16 i had to do sudo service cups restart after this, but then it worked! :) (debian 10 32bit) Commented Mar 12, 2018 at 8:41 no restart needed for me. Debian 8,9 and Arch Commented Apr 19, 2018 at 10:13The way I normally achieve this is to tunnel over ssh via an arbitrary port:
ssh [email protected] -T -L 3631:localhost:631 Secure, and allows remote access. Won't solve all problems but useful for irregular access.
answered Jul 18, 2012 at 6:42 Cheetos O'Lay Cheetos O'Lay 421 4 4 silver badges 2 2 bronze badgesThis tip is awesome: without changing anything on the cups configuration, you can securely administrate cups.
Commented Feb 27, 2014 at 17:46The -T option is not really needed; it will just prevent creation of a terminal session. Leave it out if you also need a terminal session for some reason.
Commented Mar 4, 2018 at 16:38All I had to do was add "Allow all" to to the access to the server and the admin pages so that my configuration now looked like:
# Restrict access to the admin pages. Order allow,deny Allow all # Restrict access to configuration files. AuthType Default Require user @SYSTEM Order allow,deny Now I just need to figure out to only allow those on my local network to access the admin pages and the configuration files :) (though it's probably not a big deal since I don't have port forwarding for 631 set up on the router?).
EDIT: To only allow a certain computer I could have done something like
Order allow,deny Allow from 10.10.10.5 Or for the whole 10.10.10 subnet,
Order allow, deny Allow from 10.10.10.*