Setting Up Your VPS with Gemini CLI or Claude Code

forest

@artxs said: The idea of tying service "legitimacy" to a port number is a boomer's game that should've died long ago.

I agree, but unfortunately we live in a world where people do click through warnings.

And when the port you're trying to bind to is in the ephemeral range (and isn't set to reserved), sshd may not start even if there's no attacker in the equation at all. That alone is a reason not to use TCP/34221.

Besides that, the only other issues are unlikely and contrived:

1. Denial of service from a local attacker
2. MITM by local process after side-channel attack obtaining host keys
3. Pre-auth RCE against clients (quite rare)

I agree that the primary purpose of making low ports privileged is no longer relevant as we no longer run things on massive shared servers with HTTP on port 80 and a bunch of untrusted users with personal sites on domain/~username/ and shell accounts, but that doesn't mean that binding SSH to port 34221 is smart or doesn't have security issues.