SSH server with SBC DSL and DynDNS

Hi all,

I'm thinking about getting SBC DSL service (dynamic IP), but I'd like to be able to log into one of my Linux boxes using SSH. I'm told that an effective (and cheap) alternative to static IP service is to use DynDNS. I was wondering if the following setup below will do what I want. AFAIK it should, but I'd like a second opinion before I shell out the $$$ for DSL service.

Setup:

I'm planning on connecting my DSL modem directly into a router (e.g. Linksys), which will negotiate the PPPoE connection with SBC (dynamic IP DSL service). Thus, the router will get an IP address from SBC's DHCP server. I plan to register a dynDNS domain name (e.g. foobar.dyndns.org) and have the router update dynDNS when the IP address changes (I'm told some Linksys routers will do this). I plan to have my PCs sit on the other side of the router, which will each have 192.68.0. addresses. I will use NAT/IP Masquerading in the router to connect my PCs to the rest of the internet. So that I can SSH into one of my Linux boxes, I will have the router forward any incoming traffic on the SSH port to my Linux box's IP address (e.g. 192.68.0.1). That way, I should be able to SSH to my dynDNS domain name, and connect to the correct Linux box.

If I should be doing something different, please let me know. If this is how you do it, I have the following questions:

- How long does it typically take for the dynDNS changes to propagate to other DNS servers? Is it on the order of minutes? hours? days?

- Are there any other complications with tunneling the SSH connections in terms of hostname authentication or anything else?

- Is SBC OK with me keeping long running SSH sessions running (e.g. on the order of days), provided they don't take up much bandwidth?

Thanks in advance for your help,
Matt

Matthew Denny

In comp.os.linux.networking Matthew Denny :

[..]

It doesn't propagate to anything on its own at all, apart from the dynDNS server's own secondaries. You want to check the TTL (time to live) for the dynDNS service, which is the time other DNS servers will keep the record in their cache once queried, and answer queries with it, before asking one of the authoritative dynDNS servers again.

Hostname verification should fail every time the DNS record is updated, and so will host-based authentication. I'd switch that off and use user key authentication.

Good luck

[..]
Michael Heiming

I have used a broadband router with dynamic SBC DSL, but for years have been using Linux on an old PC (currently Celeron 300) as PPPoE/firewall/router. However, I have not set up any internal forwarding, so if I want to ssh to a PC on the LAN, I ssh to the router, then ssh from there to the private PC.

I can't speak for dynDNS because I am using no-ip.com for that. My no-ip.com (Unix) update client is run automatically from /etc/ppp/ip-up whenever Linux pppoe gets a new IP. TTL is 60 seconds, so any compliant DNS cache will expire it within a minute. So the update appears to be immediate if your last DNS query was over a minute ago.

Another reply answered. But regardless of how you do it, if reconnected with a different IP, any previously running ssh session or tunnel would be dead. Keepalives can help remove those dead sessions.

Depending upon when they do maintenance and reboot their equipment (on the average every 2 weeks), I have occasionally been connected to SBC for months at a time.

They rarely block any ports except a couple related to nasty Windows worms. If they do block your outbound port 25, you can get that unblocked by request.

David Efflandt
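
The suggestions made in this thread (user key authentication instead of host-based authentication, and keepalives to clear sessions left dead by an IP change), written out as OpenSSH configuration. This is an added example, not configuration posted by anyone in the thread; the user name `matt`, the key path and the `home-linux-box` alias are assumptions, and `foobar.dyndns.org` is the example name from the original question.

```sshconfig
# ---- Server: /etc/ssh/sshd_config on the Linux box behind the router ----

# Authenticate users by key pair only.
PubkeyAuthentication yes
# Host-based authentication trusts the connecting client's host identity,
# which is of no use when clients arrive from arbitrary addresses.
HostbasedAuthentication no
# The forwarded SSH port is reachable from the whole internet, so do not
# accept passwords at all.
PasswordAuthentication no
# Older OpenSSH releases spell this ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
PermitRootLogin no

# Probe idle clients every 60 s and drop them after 3 missed replies, so
# sessions orphaned by a PPPoE reconnect are cleaned up in about 3 minutes.
ClientAliveInterval 60
ClientAliveCountMax 3

# ---- Client: ~/.ssh/config on the machine you connect from ----

Host home
    HostName foobar.dyndns.org
    # Assumed account name and key file.
    User matt
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

    # Store and look up the server's host key under a fixed alias rather
    # than under whatever the dynamic name currently resolves to.
    HostKeyAlias home-linux-box
    # Do not also pin the server's IP address in known_hosts; it changes
    # with every new DSL lease while the host key stays the same.
    CheckHostIP no

    # Client-side keepalive: notice a dead link after about 3 minutes
    # instead of leaving a hung terminal.
    ServerAliveInterval 60
    ServerAliveCountMax 3
```

Host key checking itself stays enabled on the client: the server's host key does not change when the DSL address does, so a host key warning after an IP change still deserves attention.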
