> Couldn't students address this with their local admins?

They could try to, sure, but normally local admins in the unis don't cave in to any demands from the students. Sometimes they don't agree even to the demands from the faculty!

> They could try to, sure, but normally local admins in the unis don't cave in to any demands from the students. Sometimes they don't agree even to the demands from the faculty!

Yep can confirm; My uni's IT department recently began blocking all inbound ssh traffic for the entire university network (including the data center ranges), and shot down any requests from students, faculty, clubs, and enterprises that asked to have an IP or two whitelisted so they could access their infrastructure from off-campus (except ITs own services were whitelisted; can't be inconveniencing them now)

A subset of us that got refused formed a mini anti-IT 'cabal' of sorts, eventually found an oversight in how they implemented the block (it just pattern-matched the initial ssh handshake version string; you can change it by compiling openssh from source), and have since been on our merry way, with IT none the wiser.

But hey, at least the security guys can sleep soundly at night thinking we're still being inconvenienced by their arbitrary decision. Clearly they must think everyone is as incompetent at locking down a network's security as they are.

Reminds me of when my uni blocked outgoing connections to unsupported protocols (including Minecraft servers). It did DPI on most ports, so we couldn't just put it on port 80 as it would recognise it as not http traffic, but the HTTPS port seemed to get excluded and just assumed as encrypted stuff, so we used to just run our Minecraft servers on port 443

We are in a sort of similar situation, but our solution was to put a Raspberry Pi in a windowsill that runs a reverse SSH tunnel (through a server in a VPS somewhere).