Diffusion needs port 222 to be open so that I can get access to the shell while serving git cloning normally. The port probably shouldn't be open on machines without being set up to handle it. https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#configuring-ssh
yes, the instances are in the same project. see above link for this quote:
"Every project has a 'default' security group that provides access to ssh and Nagios (which is used for status monitoring.) Unless you are doing something very unusual, you will want every instance to be a member of the default group."
so technically you could have one instance use a different (non-default) group, but i would not recommend doing that. change the existing default group instead if you think that's ok to open the port. i remember there was a bug that only happened when you create new groups, so the recommendation was always to change the default instead of making one.
Essentially all you need to do is click "Add rule" in the default group, put 222 in both the beginning and end port range inputs, tcp as the protocol, and 0.0.0.0/0 as the CIDR range (and don't change the source group).
TBH far more people are going to be annoyed and inconvenienced with git on
a weird port than ssh. Only a few people will ever ssh in. If I'm doing
it in prod and it is my call now I'm reversing the ports.