Marc G. Fournier wrote:
>
>> Since were chatting :P. My vote would be to move everything back to port
>> 22 and force key based auth only.
>
> How does that work? Does that kill the script kiddies in their tracks? I'm
> guessing so, but had never thought to try it ...
Depends on where the problem is. AFAIK, it will still go through the
initial cryptographic key exchange before it even starts talking about
auth methods. However, if the problem is that they are trying many
different passwords *over the same connection*, it should fix the problem.
I suggested this long ago for our servers in general (for other
reasons), but was voted down at the time. Can't remember why though :-)
This was around the same time I proposed we should not allow remote root
logins...
> How would someone upload their key if they don't have access? Some sort of web
> interface? One wouldn't want to throw extra admin overhead if it can be
> avoided ...
IIRC, you can already upload your key using the gforge web interface if
you want to - it's just not mandatory.
//Magnus