Re: What's going on with pgfoundry?

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc: jd(at)commandprompt(dot)com, Steve Crawford <scrawford(at)pinpointresearch(dot)com>, David Fetter <david(at)fetter(dot)org>, Kris Jurka <books(at)ejurka(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, Tatsuo Ishii <ishii(at)postgresql(dot)org>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: What's going on with pgfoundry?
Date: 2008-11-26 22:11:50
Message-ID: 492DC9A6.7020503@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Marc G. Fournier wrote:
>
>> Since were chatting :P. My vote would be to move everything back to port
>> 22 and force key based auth only.
>
> How does that work? Does that kill the script kiddies in their tracks? I'm
> guessing so, but had never thought to try it ...

Depends on where the problem is. AFAIK, it will still go through the
initial cryptographic key exchange before it even starts talking about
auth methods. However, if the problem is that they are trying many
different passwords *over the same connection*, it should fix the problem.

I suggested this long ago for our servers in general (for other
reasons), but was voted down at the time. Can't remember why though :-)
This was around the same time I proposed we should not allow remote root
logins...

> How would someone upload their key if they don't have access? Some sort of web
> interface? One wouldn't want to throw extra admin overhead if it can be
> avoided ...

IIRC, you can already upload your key using the gforge web interface if
you want to - it's just not mandatory.

//Magnus

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Joshua D. Drake 2008-11-26 22:12:42 Re: What's going on with pgfoundry?
Previous Message Alvaro Herrera 2008-11-26 22:10:07 Re: What's going on with pgfoundry?