https://tools.ietf.org/html/rfc4255
Maybe that'd be among the best authoritative ways (using DNSSEC if possible) to get backups done safely using SSH? It is reasonable and important to use the least number of ports ... managed and controlled by their security level. Thoughts? n CH Confidentiality Notice | The information transmitted by this email is intended only for the person or entity to which it is addressed. This email may contain proprietary, business-confidential and/or privileged material. If you are not the intended recipient of this message, be aware that any use, review, re-transmission, distribution, reproduction or any action taken in reliance upon this message is strictly prohibited. If you received this in error, please contact the sender and delete the material from all computers.
