SSH server with SBC DSL and DynDNS

Hi all,

I'm thinking about getting SBC DSL service (dynamic IP), but I'd like to
be able to log into one of my Linux boxes using SSH. I'm told that an
effective (and cheap) alternative to static IP service is to use DynDNS.
I was wondering if the following setup below will do what I want.
AFAIK it should, but I'd like a second opinion before I shell out the
$$$ for DSL service.

Setup:

I'm planning on connecting my DSL modem directly into a router (e.g.
Linksys), which will negotiate the PPoE connection with SBC (dynamic IP
DSL service). Thus, the router will get an IP address from SBC's DHCP
server. I plan to register a dynDNS domain name (e.g.
foobar.dyndns.org) and have the router update dynDNS when the IP address
changes (I'm told some linksys routers will do this). I plan to have my
PCs sit on the other side of the router, which will each have 192.68.0.
addresses. I will use NAT/IP Masquerading in the router to connect my
PCs to the rest of the internet. So that I can SSH into one of my linux
boxes, I will have the router forward any incoming traffic on the SSH
port to my Linux box's IP address (e.g. 192.68.0.1). That way, I should
be able to SSH to my dynDNS domain name, and connect to the correct
Linux box.

If I should be doing something different, please let me know. If this
is how you do it, I have the following questions:

- How long does it typically take for the dynDNS changes to propagate to
other DNS servers? Is it on the order of minutes? hours? days?

- Are there any other complications with tunneling the SSH connections
in terms of hostname authentication or anything else?

- Is SBC OK with me keeping long running SSH sessions running (e.g. on
the order of days), provided they don't take up much bandwidth?


thanks in advance for your help,
Matt

In comp.os.linux.networking Matthew Denny <(E-Mail Removed)>:
> Hi all,

> I'm thinking about getting SBC DSL service (dynamic IP), but I'd like to
> be able to log into one of my Linux boxes using SSH. I'm told that an
> effective (and cheap) alternative to static IP service is to use DynDNS.

[..]

> If I should be doing something different, please let me know. If this
> is how you do it, I have the following questions:

> - How long does it typically take for the dynDNS changes to propagate to
> other DNS servers? Is it on the order of minutes? hours? days?

It doesn't propagate, despite the dynDNS server own secondaries
to anything on its own at all. You want to check the TTL (Time to
live) for the dynDNS service, which means the time other DNS
server will keep the record once queried in their cache and
answer queries with it before asking one of the authoritative
dynDNS server again.

> - Are there any other complications with tunneling the SSH connections
> in terms of hostname authentication or anything else?

Hostname verification should fall every time DNS record is
updated, so will host based authentication. I'd switch that off
and use user key authentication.

Good luck

[..]

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 295: The Token fell out of the ring. Call us when
you find it.

On Wed, 03 Aug 2005 17:43:46 -0700, Matthew Denny <(E-Mail Removed)> wrote:
> Hi all,
>
> I'm thinking about getting SBC DSL service (dynamic IP), but I'd like to
> be able to log into one of my Linux boxes using SSH. I'm told that an
> effective (and cheap) alternative to static IP service is to use DynDNS
> I was wondering if the following setup below will do what I want.
> AFAIK it should, but I'd like a second opinion before I shell out the
> $$$ for DSL service...

I have used a broadband router with dynamic SBC DSL, but for years have
been using an Linux on an old PC (currently Celeron 300) as
pppoe/firewall/router. Although, I have not set any internal forwarding,
so if I want to ssh to a PC on LAN, I ssh to router, then ssh from there
to private PC.

> - How long does it typically take for the dynDNS changes to propagate to
> other DNS servers? Is it on the order of minutes? hours? days?

I can't speak for dynDNS because I am using no-ip.com for that. My
no-ip.com (Unix) update client is run automatically from /etc/ppp/ip-up
whenever Linux pppoe gets a new IP. TTL is 60 seconds, so any compliant
DNS cache will expire it within a minute. So update appears to be
immediate if your last DNS query was over a minute ago.

> - Are there any other complications with tunneling the SSH connections
> in terms of hostname authentication or anything else?

Another reply answered. But regardless of how you do it, if reconnected
with a different IP, any previously running ssh session or tunnel would be
dead. Keepalives can help removing those dead sessions.

> - Is SBC OK with me keeping long running SSH sessions running (e.g. on
> the order of days), provided they don't take up much bandwidth?

Depending upon when they do maintenence and reboot their equipment (on the
average every 2 weeks), I have occasionally been connected to SBC for
months at a time.

They rarely block any ports except a couple related to nasty Windows
worms. If they do block your outbound port 25, you can get that
unblocked by request.