On Wed, 2008-11-26 at 13:57 -0800, Steve Crawford wrote:
> David Fetter wrote:
> >
> >
> > We should move to a port-knocking
> > <http://dotancohen.com/howto/portknocking.html> or other modern
> > strategy if we're going to move at all.
> >
> >
> Yeah, but telling my firewall to move port 22 inside to port xxxx
> outside took less time than writing this email. Inside the firewall
> plain old ssh continues to work fine and I don't have to deal with
> issues of forwarding additional ports through the firewall, mucking with
> iptables rules, etc.
>
> For my servers, moving outside access to a non-standard port has proven
> 100% effective for over a year so additional complexity hasn't been
> warranted.

Since we're chatting :P. My vote would be to move everything back to port
22 and force key-based auth only.

Joshua D. Drake

>
> Cheers,
> Steve
>
>
--
PostgreSQL Consulting, Development, Support, Training
503-667-4564 - http://www.commandprompt.com/
The PostgreSQL Company, serving since 1997