On Thu, Aug 28, 2025 at 02:53:24PM -0700, Paul Scott wrote: > Greetings, > > I started asking about this recently from a slightly different point of > view. > > My desktop computer is not always easily accessible. I often access it from > my laptop through dyndns.org. > > I can ping my desktop from my laptop with its dyndns.org address. The > address is maintained by ddclient. > > From several months ago ssh to that same address times out. (This worked for > years before that.) This is the give-out. While other advice here is good, we already know: - ping works: that means DNS is working, and ICMP gets through - ssh times out: that means connection requests (SYN) are dropped. I'd say with 95% confidence (this is a made up statistic) that there is a firewall between you and your desktop, blocking port 22. Since "you did nothing", the suspicion falls on your ISP. What can you do? Set up something in your desktop listening to ports 80 and 443 (this are HTTP and HTTPS respectively). Those are typically the last ones which your ISP closes (some do, though). You might set up a web server for that with some default page, but anything listening on those ports. Double-check locally, e.g. "sudo ss -antp" or something. Can you reach those "from the outside"? Then my hunch was right. How to fix that? (a) talk to your ISP. Good luck, most of them are probably chat-GPT driven and will talk to you but do nothing. Still worth it to drive your next ISP choice: this is capitalism and about choice, right (insert mad laughter here) (b) tunnel your ssh through port 22 (or just let sshd listen to port 22). I used to tunnel it through socat, wrapped in TLS to make the traffic as indistinguishable as possible from "real" https. You never know. Once you've found out that it is a firewalled-out port 22, you're welcome to come back for a recipe for (b). Cheers -- t
Attachment:
signature.asc
Description: PGP signature