Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 41 subscribers
  • Views 4241 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Open Ports to Github and Google Cloud

K M

I work at a school district and we have a Robotics club.  The teacher has requested the following:

 

"We need port 22 opened to GitHub for code updates.  Also, port 3306 needs to be opened to the databases on the Google Cloud (<IP Address 1> and <IP Address 2>)."

 

This seems like a big risk to have it wide open, even if it is only outbound.  Any thoughts on how to allow this and still keep things as secure as possible?  We are required to filter the student's traffic, so I am concerned they will just use this to bypass our filter (we use Sophos XG for firewall and web filter).



This thread was automatically locked due to age.
Parents
  • 0

    Hello!  Actual GitHub employee here.  I'm a Solutions Engineer who also has a kid in a robotics class that needs access to GitHub.  What a crazy coincidence, I stumbled on this post Googling something completely unrelated.  So GitHub supports communication over TLS (SSL), but that requires the kids to configure Git with usernames and passwords and is more clunky to use.  We do not run SSH over TLS, they're separate protocols, thus the separate ports.  SSH is pretty secure, can you elaborate a bit on why you want to keep port 22 locked down?  Literally 1000s of very security conscious companies and gov't entities worldwide use this method exclusively, as do we at GitHub.  I'd be happy to discuss this in more detail if you'd like and provide whatever info/support you need.  

    I'm pushing the kids in my daughters club to use GitHub because it's become such a foundational element of any developer's personal brand, and it's a great skill to have if any of them choose to pursue software as a career.  It also makes it tons easier for them to keep their code safe and collaborate.  At the moment my kid and her teammates are emailing code back and forth.  

    Thanks for doing what you do to help our kids and our schools.  I really appreciate it!!

Reply
  • 0

    Hello!  Actual GitHub employee here.  I'm a Solutions Engineer who also has a kid in a robotics class that needs access to GitHub.  What a crazy coincidence, I stumbled on this post Googling something completely unrelated.  So GitHub supports communication over TLS (SSL), but that requires the kids to configure Git with usernames and passwords and is more clunky to use.  We do not run SSH over TLS, they're separate protocols, thus the separate ports.  SSH is pretty secure, can you elaborate a bit on why you want to keep port 22 locked down?  Literally 1000s of very security conscious companies and gov't entities worldwide use this method exclusively, as do we at GitHub.  I'd be happy to discuss this in more detail if you'd like and provide whatever info/support you need.  

    I'm pushing the kids in my daughters club to use GitHub because it's become such a foundational element of any developer's personal brand, and it's a great skill to have if any of them choose to pursue software as a career.  It also makes it tons easier for them to keep their code safe and collaborate.  At the moment my kid and her teammates are emailing code back and forth.  

    Thanks for doing what you do to help our kids and our schools.  I really appreciate it!!

Children
No Data
Unfiltered HTML