Em 15-06-2015 17:00, Pablo Lezaeta Reyes escreveu:
Is not the only as pointer in this thread, also you not considered the idea that burocracy for somethink that simple as oppen a port could take months if not year or even coutless failed attempts?
Well, each organization has it's own process. But, it doesn't protect any internal machine not to allow outgoing ssh.
In my school we get attempts to forcebrute into ouir server... this once was attempted throw port 22, that what I get in response for request open port 22 in my school firewal.
Yes, this is a common problem. You can have some sort of blocking daemon, like fail2ban, or you can change the ssh port altogether. But, I don't see arch doing this, since tcp port 22 is the IANA assigned port for SSH. I bet they have bruteforce mitigations in place, on top of only allowing PubKey authentication.
Therefor they refuse to open 22 since that insident.
or you think is saner that every user repeat a process for every machine, instead of offerted an alternative port for those countless users that cant (as I mention ealy) oppen 22? Well burocracy and dumb admins are nought to not let you open port 22, this word is a place ful of peoples of all kinds, and full of dumb decisions.
If they can't distinguish, as other people already mentioned, from incoming and outgoing, then they should really rethink their carreers. It's the same thing with ICMP or VLAN's. I don't really worry about being blocked at any place I might go because I use a VPN. I think everybody should get one, not just for better privacy and unblocked internet access, but for avoiding ISP QoS. But it's sad to know that some people will let this kind of blocking (which is relatively easy to circumvent) prevent them from contributing to arch. Cheers, Giancarlo Razzolini