Also, both SSH and HTTP have defined authentication mechanisms built into the protocol.
The HTTP spec has a response code, 403, for indicating that a request (potentially without authentication information) is unauthorized. SSH has a similar defined response.
If there's _no authentication around it_, I would argue that it's published to the public web, regardless of the protocol in use to deliver it.
The HTTP spec has a response code, 403, for indicating that a request (potentially without authentication information) is unauthorized. SSH has a similar defined response.
If there's _no authentication around it_, I would argue that it's published to the public web, regardless of the protocol in use to deliver it.