🟒 Low   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: RHEL 10.0 RHEL 10.1

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Admins cannot access Cockpit on port 9090 for remote management tasks.

Environment & Reproduction

Cockpit package installed but socket unit disabled or blocked.

systemctl status cockpit.socket

Root Cause Analysis

Socket activation was never enabled, or firewall denies cockpit service traffic.

Quick Triage

Check package, socket state, and firewalld service list.

dnf list installed cockpit
systemctl is-enabled cockpit.socket
firewall-cmd --list-services

Step-by-Step Diagnosis

Review socket activation logs and listening ports.

journalctl -u cockpit.socket -n 80
ss -ltnp | grep 9090
Illustrative mockup for rhel-10 β€” cockpit_diag
Cockpit socket inactive state β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Enable cockpit socket and allow cockpit service in firewall.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo systemctl enable --now cockpit.socket
sudo firewall-cmd --permanent --add-service=cockpit
sudo firewall-cmd --reload
Illustrative mockup for rhel-10 β€” cockpit_fix
Cockpit socket enabled and firewall opened β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Access Cockpit through SSH port forwarding if direct exposure is restricted.

Verification & Acceptance Criteria

Port 9090 listens and web login page loads securely.

ss -ltnp | grep 9090
curl -kI https://localhost:9090

Rollback Plan

Disable cockpit.socket and remove firewall service if not needed.

sudo systemctl disable --now cockpit.socket
sudo firewall-cmd --permanent --remove-service=cockpit

Prevention & Hardening

Restrict Cockpit access with trusted zones and MFA-backed identity controls.

May overlap with TLS certificate warnings and PAM policy lockouts.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Cockpit setup and hardening documentation for enterprise Linux.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.