For years now, my employer has not allowed ssh out their firewall. But they do have a telnet relay where you telnet to a particular server in the DMZ, and then telnet from there outside. Yeah, believe it or not, they think ssh isn’t secure (or more likely, have never heard of it because it’s not part of a default Windows installation) but telnet is ok. Of course, imap, pop and nntp aren’t allowed either. Heck, even DNS isn’t allowed – you can’t resolve any external domain names from internal machines.
And because I don’t run a telnet server on my home server, I have to telnet to their relay, then telnet to a friend’s server, and then ssh from there. But that’s what I go through in order to access my home email, Usenet, check files on my home server, and do a million other things.
Today I got the word – no more telnet access unless you can make a business case for it. The smarmy email from corporate IT says “please try to find a more secure means of communication”. Well, sure, I’d happily switch to a more secure means of communication IF YOU HADN’T FUCKING BLOCKED THEM ALL AT THE FIREWALL.