
How SSH Port Became 22 - kawera
https://www.ssh.com/ssh/port
======
jedberg
So the crux of the story is “I had to email an internet icon and she mailed me
back right away having done what I asked”.

I can sympathize. When I worked at Sendmail I was tasked with running DNS for
the company, which included Sendmail.org. The first thing I had to do was find
a secondary DNS. Our founder said to “email his friend Paul”.

It turned out his friend was Paul Vixie, the inventor of BIND, who responded
in just a couple minutes that he had set up a-root to secondary the domains I
was running.

Here I was, 22 years old at my first job, emailing with the inventor of
critical internet infrastructure who was relying on a database _I_ ran as a
source of truth.

~~~
takeda
Paul did not invent/create BIND; in fact BIND was created 8 years before he
took over its maintenance.

BIND was created in Berkeley by grad students (that's probably why it was
originally so buggy) and the name stands for Berkeley Internet Name Domain.
Paul of course made major contributions to DNS and of course BIND.

~~~
cameldrv
Berkeley Internet Name Daemon

~~~
EvanAnderson
It's actually "Domain", not "Daemon". There are a couple of good episodes of
"The Network Collective" podcast that discuss the early history of DNS and
BIND:

- [https://thenetworkcollective.com/2018/01/hon-dns-origins/](https://thenetworkcollective.com/2018/01/hon-dns-origins/)

- [https://thenetworkcollective.com/2018/01/dns-adoption/](https://thenetworkcollective.com/2018/01/dns-adoption/)

------
throw0101a
Personally I find how/why FTP uses two ports, 20 and 21, to be more
interesting:

So the first thing to know is that FTP is 'old', in that it predates TCP and
originally ran on NCP:

> _The original specification for the File Transfer Protocol was written by
> Abhay Bhushan and published as RFC 114 on 16 April 1971. Until 1980, FTP ran
> on NCP, the predecessor of TCP/IP.[2] The protocol was later replaced by a
> TCP/IP version, RFC 765 (June 1980) and RFC 959 (October 1985), the current
> specification._

* [https://en.wikipedia.org/wiki/File_Transfer_Protocol](https://en.wikipedia.org/wiki/File_Transfer_Protocol)

The second thing to know is that, unlike TCP or UDP, NCP was not duplex:

> _NCP preceded the Transmission Control Protocol (TCP) as a transport layer
> protocol used during the early ARPANET. NCP was a simplex protocol that
> utilized two port addresses, establishing two connections, for two-way
> communications. An odd and an even port were reserved for each application
> layer application or protocol. The standardization of TCP and UDP reduced
> the need for the use of two simplex ports for each application down to one
> duplex port.[1]_

* [https://en.wikipedia.org/wiki/Network_Control_Program](https://en.wikipedia.org/wiki/Network_Control_Program)

So the original transport layer that FTP relied on necessitated two ports, and
when the move to a newer transport layer occurred the use of two ports was
carried over for simplicity's sake. And several decades later that design
still exists.

~~~
bbanyc
Also, Telnet was originally port 1 and FTP was port 3 (RFC 433, December
1972). On an incompatible protocol change (mentioned in RFC 542, August 1973),
they were "temporarily" moved to 23 and 21 respectively until the old versions
were taken down. Of course, the move back to 1 and 3 never happened.

Wouldn't FTP need _three_ simplex connections - commands to server, responses
from server, data transfer?

~~~
azernik
FTP puts data and commands on the same socket. This is perfectly doable in
NCP.

~~~
bbanyc
> FTP puts data and commands on the same socket.

Not on TCP it doesn't. And some of the Arpanet FTP RFCs refer to separate
connections as well, e.g. for the MAIL and MLFL commands which send email over
the command and data connections, respectively. (SMTP didn't exist yet so mail
was sent over FTP.)

------
void-star
My memory may be flawed here but I vaguely remember there being a minor
controversy over SSH being awarded port 22 instead of a competing
protocol/program called “stelnet”. It was a similar solution to SSH but only
“replaced” telnet, not FTP. Back then there were “strong feelings about” rsh
versus telnet, with SSH actually being modeled more after rsh/rcp/rlogin.
Anyway, at best this is probably just more internet protocol trivia, but I do
wonder if anybody can confirm I am remembering this right?

------
egtiller
This makes me wonder. What such booming technology is there right now where I
can contribute something like this and make a mark for myself?

Having been born much later in the history of the Internet, I think I have
missed out on many of the early magical years of the Internet.

But if I can get involved in some other technology that is at an early stage
and booming, where I have a chance to contribute something that may become a
de facto standard 10 years from now, that's something I would be very
interested in investing my time in.

~~~
Udo
The most unsatisfying but realistic answer is probably that you're best off
working on whatever sparks your passion, because making a dent in the universe
seldom happens intentionally, and if you don't succeed hugely, at least you
had fun and learned a lot on the way.

If we're talking about basic tech such as networking, the time for
foundational work has probably passed, or it has at least become exponentially
more unlikely that you'll contribute another bedrock protocol or mechanism.
It's also worth noting that you never hear from the many thousands of
technologies that either failed to reach critical mass or became obsolete a
long time ago. Just like founding a startup, this will be the most likely
outcome.

If you're looking to be the first to do something, my advice is: try to do it
in space. Seriously. Finally things are happening again there, and you can
probably make your mark inventing basic necessities and/or being one of the
first people to colonize a new place.

If you're looking for something in software, opinions on what's needed differ
a lot. As an old person, my perspective is that we're going to need a way to
deal with complexity and brittleness. Our software stacks have become bloated,
unreliable, and a nightmare to debug. Things are getting slower and more buggy
year by year, because we have not yet hit the right balance between using low-
level primitives and high-level abstractions. We're now using huge frameworks
regularly for very simple things, both because it's what we're used to and
because these frameworks help paper over design defects lower down the stack.
This needs to be solved, we can't keep stacking things on top forever. There
is a real, concrete danger to our society here.

------
dang
A thread from 2018:
[https://news.ycombinator.com/item?id=17552100](https://news.ycombinator.com/item?id=17552100)

and from 2017:
[https://news.ycombinator.com/item?id=14178091](https://news.ycombinator.com/item?id=14178091)

------
dickeytk
I’m more surprised that there is an ssh.com. And that it looks like it was put
together with a bad corporate WordPress template.

~~~
ollifi
SSH has been a publicly traded company since the dotcom era[1]. I think the
corporate WordPress feel is in line.

[1] [https://en.m.wikipedia.org/wiki/SSH_Communications_Security](https://en.m.wikipedia.org/wiki/SSH_Communications_Security)

------
fretn
Slightly off-topic: I wish scp also used -p instead of -P for defining a custom
port; every time I want to ssh or scp on a custom port I have to look up which
one of the two uses -p or -P :)

~~~
zamadatix
At least it's not like sftp where you have to put `-oPort=` and it doesn't
work if it's at the end!
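
The usual way around the -p / -P / -oPort= mismatch is to stop passing the port on the command line at all: a `Host` stanza in `~/.ssh/config` with a `Port` line is read by ssh, scp and sftp alike. The script below is an added example (not from the thread or from OpenSSH) that resolves the port a client would pick for a given alias from a constructed config, following the two ssh_config rules that trip people up: the first obtained value for an option wins, and options under a `Host` line apply only when one of its patterns matches. The aliases `build` and `legacy`, the hostnames and the function name `ssh_client_port` are all made up for the demo; pattern matching is simplified to exact names plus the catch-all `*`.

```shell
#!/bin/sh
# Added example: resolve the port ssh/scp/sftp would use for a Host alias from a
# client ssh_config, so no -p/-P/-oPort flag is needed. Config text is constructed.

CLIENT_CONFIG='# ~/.ssh/config (constructed sample)
Host build
    HostName build.example.test
    User deploy
    Port 2222

Host legacy
    HostName legacy.example.test

Host *
    ServerAliveInterval 30'

# ssh_client_port CONFIG ALIAS
# Mirrors two ssh_config rules: the first obtained value for an option wins, and
# an option inside a Host block applies only when one of the block's patterns
# matches the alias. Matching here is simplified to exact names and "*";
# real ssh_config also supports ? and negated (!) patterns.
ssh_client_port() {
    port=$(printf '%s\n' "$1" | awk -v host="$2" '
        BEGIN { active = 1 }                      # options before any Host line are global
        /^[ \t]*#/ { next }                       # comment line
        /^[ \t]*$/ { next }                       # blank line
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++)             # one Host line may list several patterns
                if ($i == host || $i == "*") active = 1
            next
        }
        active && tolower($1) == "port" { print $2; exit }   # first obtained value wins
    ')
    # 22 is the compiled-in default when no Port line applies
    if [ -n "$port" ]; then printf '%s\n' "$port"; else echo 22; fi
}

echo "build  -> port $(ssh_client_port "$CLIENT_CONFIG" build)"
echo "legacy -> port $(ssh_client_port "$CLIENT_CONFIG" legacy)"
```

With that stanza in place, `ssh build`, `scp file build:` and `sftp build` all connect to port 2222 without any flag. The first-value-wins rule is the one to remember when a `Host *` block sits at the top of the file: a `Port` set there silently overrides every later per-host `Port`, which is why catch-all blocks belong at the bottom.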

------
archi42
Reminds me of a story about a professor. He has framed an old request for a
grant and put it up in his office:

> I need 20000US$.

That's all it reads (with value converted to today's dollar-value for easier
interpretation) - and of course it was granted.

~~~
andruby
I'd love to get a little more context. Who applied for the grant? Where was
this?

~~~
michaelhoffman
[https://dirnagl.com/2014/01/14/otto-warburgs-research-grant/](https://dirnagl.com/2014/01/14/otto-warburgs-research-grant/)

~~~
archi42
Aaah, thanks! This is what I had in mind. Though I misjudged the time frame:
10000 Mark in 1921 is in the ballpark of 2000 US$ today; that is, if he got
lucky, since the German hyperinflation in the 20s quickly made that money
essentially worthless.

------
im3w1l
With the benefit of hindsight, we know that ssh became extremely successful,
so allocating it a nice port was a good choice.

------
toyg
Funnily enough, changing the ssh port to a random unprivileged one is now
possibly the easiest and most effective step to harden a box... I guess it
shows how the internet has changed.

~~~
0x0
In the last two months, I've been getting lots of bruteforce scan attempts on
all my boxes that run ssh on high ports, so it seems this is no longer as
effective as it was :-/

~~~
geocrasher
You are not alone in this. This week I actually changed ports for ssh because
of the sheer number of brute force attempts. We'll see how long that holds
out.

~~~
ru552
Why not just restrict access to specific IP blocks? Even if you left it open
to Verizon's entire IP space so you can hit it with your cell, you would still
dramatically lower your incident rate.

~~~
geocrasher
Yeah I could do that I suppose. I host several people on it however. Right now
the unique port is enough.
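
Moving sshd off port 22 cuts the scanner noise, but as the replies above note it is not what keeps a box safe; the settings that do are key-only authentication, no root login, and an allow-list of users or source addresses. The script below is an added example (not from the thread or from OpenSSH) that audits an sshd_config for those points, with a default-style weak config beside a corrected one. Both configs, the `203.0.113.0/24` range (a documentation range standing in for "your own network"), the user names and the function names `sshd_value`, `value_or_default` and `audit_sshd` are constructed for the demo; the two parsing rules it relies on (first occurrence of a keyword wins, and keywords after a `Match` line are scoped to that block) are real sshd_config behaviour.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed in the thread.
# Every config below is constructed for this demo.

# Mirrors a default install: port 22, root login and passwords accepted from anywhere.
WEAK_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes'

# Corrected version: non-default port (noise reduction only), key-only auth,
# an allow-list of users, and password auth re-enabled for one trusted range only.
HARDENED_CONFIG='Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers alice bob
Match Address 203.0.113.0/24
    PasswordAuthentication yes'

# sshd_value CONFIG KEY: print the global value of KEY, or nothing if unset.
# Two sshd_config rules matter: the FIRST occurrence of a keyword wins (a later
# "PasswordAuthentication no" does not override an earlier "yes"), and keywords
# after a "Match" line apply only inside that block, so the scan stops there.
sshd_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }                             # comment line
        /^[ \t]*$/ { next }                             # blank line
        tolower($1) == "match" { exit }                 # leaving global scope
        tolower($1) == tolower(key) { print $2; exit }  # first obtained value wins
    '
}

# value_or_default CONFIG KEY DEFAULT: sshd_value with the compiled-in default applied
value_or_default() {
    v=$(sshd_value "$1" "$2")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# audit_sshd CONFIG: one finding per line; no output means nothing was flagged
audit_sshd() {
    cfg=$1
    [ "$(value_or_default "$cfg" Port 22)" = "22" ] &&
        echo "Port 22: default port, expect constant brute-force noise (moving it only reduces noise)"
    [ "$(value_or_default "$cfg" PermitRootLogin prohibit-password)" = "yes" ] &&
        echo "PermitRootLogin yes: root is a known username for every scanner"
    [ "$(value_or_default "$cfg" PasswordAuthentication yes)" = "yes" ] &&
        echo "PasswordAuthentication yes: password guessing possible from any source address"
    [ -z "$(sshd_value "$cfg" AllowUsers)" ] && [ -z "$(sshd_value "$cfg" AllowGroups)" ] &&
        echo "no AllowUsers/AllowGroups: every local account is a login target"
    return 0
}

echo "== weak config =="
audit_sshd "$WEAK_CONFIG"
echo "== hardened config =="
audit_sshd "$HARDENED_CONFIG"
```

On a live host, run the check against `sshd -T` output rather than the raw file: `sshd -T` prints the effective values after defaults and includes have been applied, and `sshd -T -C addr=203.0.113.5` shows what a client from a given address would get once `Match` blocks are taken into account. Source-address restriction as suggested above can live either in such a `Match Address` block or in the host firewall; the firewall variant also stops the brute-force attempts from ever reaching sshd's logs.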

------
craftoman
Look how easy the whole procedure was. You just sent an email and boom, next
day your application's port was registered by IANA. Nowadays you must have a
team of academics backed up by Google to apply for that.

~~~
technothrasher
I remember applying for a Class C block of IP addresses back in 1993 was as
simple as sending in a preformatted email template to InterNIC and getting
your address space about twenty minutes later in a reply.

I've still got that Class C registered, but it hasn't been used in years, and
I'm not entirely sure what to do with it.

~~~
genera1
You could sell it, or even better, lease it out.

------
RcouF1uZ4gsC
> Dear Sir,

In Finnish culture, is this considered a generic term of address? From the
write-up it seems like the author knew that Joyce K. Reynolds was on the IANA
but still addressed the email to “Dear Sir”.

~~~
kilpikaarna
No. "Dear sir" sounds like something he picked up in high school English
class, taught for use when addressing an unknown recipient.

If writing this in Finnish you'd normally use something very close to "Dear Mr
Reynolds".

~~~
Ndymium
Most of us rarely write such formal letters. I don't remember the last time I
wrote something as formal for a Finnish recipient.

At school I was taught to use "Dear Sir or Madam" or "To whom it may concern",
but neither of those sounds natural; they're just learned. If writing to a
Finn, I just start with "Hei" ("Hey") (in fact that has led me to start
emails in English with just "Hey" as well). I may have used some other
formality once or twice in my life when it was required for school or such
matters, but not as an adult.

So it may be that they were out of their element when writing that email and
just put the first thing that came to their mind.

~~~
Symbiote
"Hei" means "hi". You can use that in your email.

English "hey" is said when someone is annoyed. "Hey you! Stop that!"

~~~
pbhjpbhj
Hmm, tone is what differentiates the greeting and the admonishment. Your 2nd
sentence is correct, but not exclusively.

TL;DR I use "hey" as a greeting.

[en-gb native]

~~~
ljcn
> "hey" as a greeting

I blame the US TV series "Friends" for that.

Curiously the OED doesn't (yet) have this greeting sense.

~~~
OJFord
> Curiously the OED doesn't (yet) have this greeting sense.

Interesting, neither does my (more liberally accepting than Oxford) 2016
Collins. I've certainly been using it as an informal greeting since '00s.

I don't know if I got it from Friends, it wouldn't have occurred to me, but I
did start watching it around that time so it's certainly plausible.

------
hsnewman
SSH is a service, the port is a standard, but the service doesn't have to be
on port 22; it's just the standard base port. I never run it on port 22
exposed to the internet (because of the flagrant criminals on the internet
trying to hack into systems).

------
schoen
(2017)

------
tyingq
Uh, it was the next available near 23/telnet which it aimed to replace?

~~~
egdod
That’s why, not how. The how is interesting.

~~~
icedchai
Not really. He asked IANA, which was literally 2 guys in a room back in the
'90s. Literally anyone could get a port assigned in those days, just like
anyone could get a /24 address block.

~~~
zatkin
Correction: 1 guy + 1 gal, not 2 guys. Joyce K. Reynolds was a woman. :-)

~~~
kortilla
Was?

~~~
throw0101a
_Channelling Mitch Hedberg:_

She used to be a woman. She still is, but she used to, too.

* [https://www.youtube.com/watch?v=VqHA5CIL0fg](https://www.youtube.com/watch?v=VqHA5CIL0fg)

More seriously, she passed away in 2015:

* [https://en.wikipedia.org/wiki/Joyce_K._Reynolds](https://en.wikipedia.org/wiki/Joyce_K._Reynolds)

------
grendelt
TLDR; "Because I just asked for it."

------
airocker
I feel so old!

