On Wed, 2008-11-26 at 13:57 -0800, Steve Crawford wrote: > David Fetter wrote: > > > > > > We should move to a port-knocking > > <http://dotancohen.com/howto/portknocking.html> or other modern > > strategy if we're going to move at all. > > > > > Yeah, but telling my firewall to move port 22 inside to port xxxx > outside took less time than writing this email. Inside the firewall > plain old ssh continues to work fine and I don't have to deal with > issues of forwarding additional ports through the firewall, mucking with > iptables rules, etc. > > For my servers, moving outside access to a non-standard port has proven > 100% effective for over a year so additional complexity hasn't been > warranted.
Since were chatting :P. My vote would be to move everything back to port 22 and force key based auth only. Joshua D. Drake > > Cheers, > Steve > > -- PostgreSQL Consulting, Development, Support, Training 503-667-4564 - http://www.commandprompt.com/ The PostgreSQL Company, serving since 1997 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
