by vectorEQ 2714 days ago
i do want to be cynical: sed -i -e 's/#Port 22/Port 443/g' /etc/ssh/sshd_config

on a more serious note, as you described but maybe from a more grumpy person: i don't think it's a great service, as it just compromises credentials by default while a normal configuration could solve it.

if the server is also hosting some https website, then put it on an alternate ipv6 address (they are free if not cheap) and ssh into that. you only need to edit 2 files on your server for that to work :s why pay 5$ a month if you already have a capable server you are paying for??

the promise of not storing credentials etc. is nice, but if your servers are compromised it will be child's play for nefarious people to intercept them even if you didn't design that aspect to happen in the service design.

3 comments

> if the server is also hosting some https website, then put it on an alternate ipv6 address (they are free if not cheap) and ssh into that.

There's also sslh, which can multiplex the same port by detecting whether the incoming connection is TLS or SSH, and forwarding appropriately. It's pretty cool: https://www.rutschle.net/tech/sslh/README.html

That said, I think this service is for people who need to use computers without ssh clients installed locally.

it's funny this came to my mind thinking about it but i wasn't aware it already existed. thanks for that.

> a normal configuration could solve it

Could you explain what you mean by this? I get not everyone wants this, but just making SSH listen on port 443 doesn't give you access on a computer without an SSH client.

Correct. You still need a client. The OP is probably referring to getting around firewall restrictions. Some companies block all outbound ports except p80 and p443, so if you work at such a company, you can't access your personal machine over p22. Shellvault lets you do that on p443. But so does changing your SSH server to listen on p443.

A self hosted version of this might make a little more sense. However, it is still putting all your credentials in one place.

I mean there is also Teleport (Gravitational) that you could self host and get around most of those issues.

> if the server is also hosting some https website, then put it on an alternate ipv6 address

Or use sslh if you're stuck on IPv4
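
Two comments above mention sslh telling TLS and SSH apart on one port. The sketch below is an added example, not part of the thread and not sslh's own code: it classifies a client's opening bytes the way such a multiplexer has to, and the same check shows what a port-only filter never inspects. The backend addresses, the timeout policy and all sample byte strings are constructed assumptions.

```python
# Added example: first-bytes protocol detection for a port shared by SSH and TLS.
# Backends and sample inputs are constructed; the timeout policy is this example's own.

BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443)}  # assumed addresses

SSH_HELLO = b"SSH-2.0-OpenSSH_9.6\r\n"                   # constructed SSH banner
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05,         # record: handshake, v3.1, len 5
                   0x01, 0x00, 0x00, 0x01, 0x00])        # handshake type 1 (ClientHello)
HTTP_REQ = b"GET / HTTP/1.1\r\n"                         # constructed plaintext HTTP


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'need_more' or 'unknown' for a client's opening bytes."""
    # RFC 4253: the identification string begins with "SSH-".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # Nothing yet, or only a prefix of "SSH-": cannot decide until more arrives.
    if b"SSH-".startswith(first_bytes):
        return "need_more"
    # TLS record header: content type 0x16, major version 3, 2-byte length,
    # followed by handshake type 0x01 for a ClientHello.
    if first_bytes[0] == 0x16:
        if len(first_bytes) >= 2 and first_bytes[1] != 0x03:
            return "unknown"
        if len(first_bytes) < 6:
            return "need_more"
        if first_bytes[5] == 0x01:
            return "tls"
    return "unknown"


def route(first_bytes: bytes, timed_out: bool = False):
    """Pick a backend, or None to keep waiting (need_more) or drop (unknown)."""
    kind = classify(first_bytes)
    if kind == "need_more":
        # Some SSH clients wait for the server banner before sending anything,
        # so a client that stays silent until the timeout is treated as SSH here.
        if timed_out and not first_bytes:
            return BACKENDS["ssh"]
        return None
    return BACKENDS.get(kind)


if __name__ == "__main__":
    for name, sample in [("ssh", SSH_HELLO), ("tls", TLS_HELLO), ("http", HTTP_REQ)]:
        print(name, classify(sample), route(sample))
```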