Limit the interfaces SSH is exposed on

The SSH daemon listening on port 55555 currently listens on all network interfaces, which is problematic for devices that are going to be deployed on untrusted networks. Ideally this would be limited to the balenaCloud VPN connection, and optionally any explicitly safelisted interfaces configured by the user.

We can work around this by deploying a container to set up iptables rules, but that does result in a race condition where the host OS SSH daemon is up, but the container has not yet been started.
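One shape the container workaround could take, as an added example that is not part of the original issue or balena's own code: it prints (and, with `APPLY=1`, applies) iptables/ip6tables rules that drop inbound TCP 55555 everywhere except loopback and the listed interfaces. The interface name `resin-vpn`, the chain name and the `ALLOW_IFACES`/`APPLY` variables are assumptions; confirm the VPN interface name with `ip link` on the device.

```shell
#!/bin/sh
# Added example. Assumes the container runs with host networking and
# NET_ADMIN so the rules land in the host's netfilter tables.
SSH_PORT=55555               # port named in the issue
CHAIN=SSH-IFACE-LIMIT        # hypothetical chain name

# Print the rule commands for the allowed interfaces given as arguments.
# Nothing is executed here, so the output can be reviewed first.
ssh_limit_rules() {
    for ifc in "$@"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._+-]*)
                echo "invalid interface name: $ifc" >&2
                return 1 ;;
        esac
    done
    for ipt in iptables ip6tables; do   # cover both address families
        echo "$ipt -w -N $CHAIN 2>/dev/null || true"
        echo "$ipt -w -F $CHAIN"
        echo "$ipt -w -A $CHAIN -i lo -j RETURN"
        for ifc in "$@"; do
            echo "$ipt -w -A $CHAIN -i $ifc -j RETURN"
        done
        echo "$ipt -w -A $CHAIN -j DROP"
        # Hook the chain into INPUT last, and only if it is not hooked yet.
        echo "$ipt -w -C INPUT -p tcp --dport $SSH_PORT -j $CHAIN 2>/dev/null || $ipt -w -I INPUT 1 -p tcp --dport $SSH_PORT -j $CHAIN"
    done
}

# Dry run by default; set APPLY=1 (as root) to execute the printed commands.
# ALLOW_IFACES is a space-separated list; resin-vpn is an assumed default.
if [ "${APPLY:-0}" = 1 ]; then
    # shellcheck disable=SC2086  # word splitting of the list is intended
    ssh_limit_rules ${ALLOW_IFACES:-resin-vpn} | sh -e
fi
```

Because these rules only exist once the container has run, the startup window described above remains; the script narrows exposure after boot but does not close that gap.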