Marc G. Fournier wrote: > >> Since were chatting :P. My vote would be to move everything back to port >> 22 and force key based auth only. > > How does that work? Does that kill the script kiddies in their tracks? I'm > guessing so, but had never thought to try it ...
Depends on where the problem is. AFAIK, it will still go through the initial cryptographic key exchange before it even starts talking about auth methods. However, if the problem is that they are trying many different passwords *over the same connection*, it should fix the problem. I suggested this long ago for our servers in general (for other reasons), but was voted down at the time. Can't remember why though :-) This was around the same time I proposed we should not allow remote root logins... > How would someone upload their key if they don't have access? Some sort of > web > interface? One wouldn't want to throw extra admin overhead if it can be > avoided ... IIRC, you can already upload your key using the gforge web interface if you want to - it's just not mandatory. //Magnus -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers