I would like to see us have sshd listening on ports that will help
people behind firewalls be able to connect to the sshd on various GNU
machines. For example, my understanding is that Miles can connect to
port 80 and port 443 on remote machines, but nothing else. So if we
run an sshd on port 443 on each machine he cares to connect to, he
ought to be able to use ssh to connect to GNU machines.
I'm not sure if this sort of hack would also remove the need for
andrewi to run his proxy on fencepost.
I'm tempted to suggest that we use one of the spare IP addresses we
have, call it fencepost-ssh.gnu.org, and set up fencepost to listen
for ssh connections on as many ports as possible on that IP (probably
http, https, ssh, telnet, as well as any others people suggest). But
that won't scale nicely to machines at VA, where we can't necessarily
get as many IP addresses as we might like.
It may be that having machines at VA listening for ssh connection on
443 is sensible, except that on savannah we're already using that for
real enrcypted web traffic, but subversions is the same physical machine
as savannah, so we could put the savannah webserver on savannah:443,
and sshd on subversions:443.
Thoughts?
(sshd will of course continue to be run on the standard ssh port on
every machine.)