Hacker News

otterley, yesterday at 5:42 AM (3 replies)

Not needing a different port. Middleboxes sometimes block ssh on nonstandard ports. Also, to preserve the alignment between the SSH hostname and the web service hostname, as though the user was accessing a single host at a single public address. Usability is key for them.


Replies

Dylan16807, yesterday at 5:56 AM

Why would anyone configure it to do that?

Like, I understand the really restrictive ones that only allow web browsing. But why allow outgoing ssh to port 22 but not other ports? Especially when port 22 is arguably the least secure option. At that point let people connect to any port except for a small blacklist.

Charon77, yesterday at 5:43 AM

They don't want each VM to have a different public IP.

gsich, yesterday at 5:53 AM

Middleboxes are not relevant in this scenario.
