Re: SSH server with SBC DSL and DynDNS

From: David Efflandt (
Date: 08/04/05

Date: Thu, 4 Aug 2005 12:01:26 +0000 (UTC)

On Wed, 03 Aug 2005 17:43:46 -0700, Matthew Denny <> wrote:
> Hi all,
> I'm thinking about getting SBC DSL service (dynamic IP), but I'd like to
> be able to log into one of my Linux boxes using SSH. I'm told that an
> effective (and cheap) alternative to static IP service is to use DynDNS
> I was wondering if the following setup below will do what I want.
> AFAIK it should, but I'd like a second opinion before I shell out the
> $$$ for DSL service...

I have used a broadband router with dynamic SBC DSL, but for years have
been using an Linux on an old PC (currently Celeron 300) as
pppoe/firewall/router. Although, I have not set any internal forwarding,
so if I want to ssh to a PC on LAN, I ssh to router, then ssh from there
to private PC.

> - How long does it typically take for the dynDNS changes to propagate to
> other DNS servers? Is it on the order of minutes? hours? days?

I can't speak for dynDNS because I am using for that. My (Unix) update client is run automatically from /etc/ppp/ip-up
whenever Linux pppoe gets a new IP. TTL is 60 seconds, so any compliant
DNS cache will expire it within a minute. So update appears to be
immediate if your last DNS query was over a minute ago.

> - Are there any other complications with tunneling the SSH connections
> in terms of hostname authentication or anything else?

Another reply answered. But regardless of how you do it, if reconnected
with a different IP, any previously running ssh session or tunnel would be
dead. Keepalives can help removing those dead sessions.

> - Is SBC OK with me keeping long running SSH sessions running (e.g. on
> the order of days), provided they don't take up much bandwidth?

Depending upon when they do maintenence and reboot their equipment (on the
average every 2 weeks), I have occasionally been connected to SBC for
months at a time.

They rarely block any ports except a couple related to nasty Windows
worms. If they do block your outbound port 25, you can get that
unblocked by request.