Open Ports to Github and Google Cloud

Hi,

your question is a little wide ranging. Please provide details about source eg is it multiple or just the server in the robotic club?

You can limit destinations in firewall rules along with allowed users and limit applications etc. The school firewall admin must have built some rules that restrict student and teacher access?

Ian

Sorry...got a chance to have a talk with the teacher and have some more details:

Google Cloud - resolved.  He was able to give enough specifics that allowed me to create a rule that keeps it pretty well locked.

GitHub - They want to use a combination of BYOD and school computers to connect to GitHub using port 22 (SSH) for programming updates.  Please see here if you are curious about the GitHub info for SSH connections:

https://help.github.com/articles/connecting-to-github-with-ssh/

This will be done at various times (the club does not always meet on the same day/time) and all the students need the access, so I can't restrict it to a dedicated source computer.  They do not have a specific IP or server that they will be connecting to and GitHub has a constantly changing list of IPs, so I can't restrict it to a specific destination.

Currently, it appears they are able to connect with SSH over HTTPS.  Since there doesn't seem to be a good way to securely use port 22, I think it may just need to stay closed.

You could try a rule that is only to the GITHUB FQDN and lock the protocol to SSH.

Ian

Hello!  Actual GitHub employee here.  I'm a Solutions Engineer who also has a kid in a robotics class that needs access to GitHub.  What a crazy coincidence, I stumbled on this post Googling something completely unrelated.  So GitHub supports communication over TLS (SSL), but that requires the kids to configure Git with usernames and passwords and is more clunky to use.  We do not run SSH over TLS, they're separate protocols, thus the separate ports.  SSH is pretty secure, can you elaborate a bit on why you want to keep port 22 locked down?  Literally 1000s of very security conscious companies and gov't entities worldwide use this method exclusively, as do we at GitHub.  I'd be happy to discuss this in more detail if you'd like and provide whatever info/support you need.  

I'm pushing the kids in my daughters club to use GitHub because it's become such a foundational element of any developer's personal brand, and it's a great skill to have if any of them choose to pursue software as a career.  It also makes it tons easier for them to keep their code safe and collaborate.  At the moment my kid and her teammates are emailing code back and forth.  

Thanks for doing what you do to help our kids and our schools.  I really appreciate it!!

Hi K M 

As rightly said by rfcat_vk you may configure FQDN host for GitHub URLs required to access the data from GitHub and allow SSH and HTTPS service only.

Bryan Cross It would be great if you could share the list of URLs required to access the data as requested.

I can try :) . GitHub URLs use the account holder or an organization as their root.  So for example, if my GitHub userid is johndoe, all my stuff is going to be under https://github.com/johndoe/*.  If the robotics team has an organization (which I recommend but it's not necessary), then it'd be the name of the org, e.g., https://github.com/roboteam/.  The homepage, https://github.com, is the user landing page and provides a feed of events, notifications, and handy links.  

Let me know if you need anything else.  If I can't provide answers myself I've got access to folks who can.  As a company we're _extremely_ supportive of education, so we'll definitely work with you.  Thanks again.  Happy to hop on a call if that would be quicker/more efficient.  -- Bryan

Hi Bryan Cross 

Thank you very much for your response. Much appreciated!