Anyway, just before announcing ssh-1.0 in July 1995, I sent this e-mail to IANA:

From ylo Mon Jul 10 11:45:48 +0300 1995 From: Tatu Ylonen ylo@cs.hut.fi
To: Internet Assigned Numbers Authority iana@isi.edu
Subject: request for port number
Organization: Helsinki University of Technology, Finland
Dear Sir, I have written a program to securely log from one machine into another over an
insecure network. It provides major improvements in security and functionality over existing
telnet and rlogin protocols and implementations. In particular, it prevents IP, DNS and
outing spoofing. My plan is to distribute the software freely on the Internet and to get it
into as wide use as possible. I would like to get a registered privileged port number for
the software.

The number should preferably be in the range 1-255 so that it can be used in the WKS field
in name servers. I'll enclose the draft RFC for the protocol below. The software has been in
local use for several months, and is ready for publication except for the port number. If
the port number assignment can be arranged in time, I'd like to publish the software already
this week. I am currently using port number 22 in the beta test.

It would be great if this number could be used (it is currently shown as Unassigned in the
lists). The service name for the software is "ssh" (for Secure Shell).

Yours sincerely, Tatu Ylonen ylo@cs.hut.fi ... followed by protocol specification
for ssh-1.0
The next day, I had an e-mail from Joyce waiting in my mailbox:

Date: Mon, 10 Jul 1995 15:35:33 -0700 From: jkrey@ISI.EDU To: ylo@cs.hut.fi Subject:
Re: request for port number Cc: iana@ISI.EDU
Tatu, We have assigned port number 22 to ssh, with you as the point of contact. Joyce
There we were! SSH port was 22!!!

très détaillé et précis!

Qu'est-ce que c'est ? Apache Guacamole est une passerelle pour la prise en main à distance sans clie

ssh -L port-local:HOSTNAME:port-distant machine-distante

je cherche tjs cette fucking commande

wha je m'attendais à un vrai hardening ssh, non c'est juste "ça"

:-/

un article fort intéressant sur l'intérêt d'une PKI pour gérer SSH

via blue

Ciphers et MACs keywords

Un article sympa sur la sécurisation de SSH via devops weekly

très intéressant, j'en connaissais beaucoup mais la partie sur les fichiers de config m'a apporté :)
[edit]
Ainsi que l'agent forwarding Oo j'en avias parlé avec Ju mais je n'avais jamais vu de mise en oeuvre !

socat -d -d TCP-L:22,reuseaddr,fork SYSTEM:"nc \$SOCAT_PEERADDR 22"

c'est drôle :-)

La commande récupère une connexion port 22 (SSH donc) et la redirige vers ... l'émetteur de la commande :D

via blue again

ssh user@server 'bash -s' < local_script.sh > local_script.log 2>&1

pour ma part, je faisais un cat script.sh | ssh bash -c ou -x ou -s selon ce que l'on veut faire

y a sslh sinon si le but c'est de mettre du ssh+443

permet de faire à la fois du https ET du ssh sur le port 443 :)