Join Log in
Score:2
avatar Server

Cannot SSH to github.com after changing to static IP

br flag
Capn Sparrow

I've been using github.com for a long time, but just had my ISP switch my home internet to a static IP and now I can't SSH to github.

What happens with SSH?

The id_ed25519 key has just been re-generated. SSH just stops:

$ ssh -T -F ~/.ssh/config [email protected] -vvv

OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/xxxx/.ssh/config
debug1: /Users/xxx/.ssh/config line 1: Applying options for *
debug1: Connecting to github.com port 22.

Wireshark shows it's not getting any return packets at all:

an screen capture of my wireshark showing TCP Retransmissions

So maybe SSH isn't allowed?

Maybe! But I can ssh to AWS EC2 instances fine from the same command prompt. No issues at all.

What else have I tried?

I can use SSH over HTTPS. For example, this...

ssh -T -p 443 [email protected]

...works fine and I can connect. But I need to know WHY plain ol' port 22 isn't working for me anymore.

What changed?

I asked my ISP to assign me a static IP. They've done this. It worked. Connections out from devices on my network appear to be coming from this new static IP they've assigned.

Content of ssh config

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

And as added bonus,

$ git config --list
credential.helper=osxkeychain
user.name=xxxx
[email protected]
core.autocrlf=input
163
0 + 0
ssh
us flag
Tero Kilkanen
Have you rebooted your router after the static IP was assigned? What is the output of `tcptraceroute github.com 22`? You can install it with homebrew: https://formulae.brew.sh/formula/tcptraceroute
2
Reply
Score:2
avatar Server
br flag
Capn Sparrow

Use tcp traceroute

Following Tero Kilkanen's advice, I installed tcptraceroute, which led to resolution of the problem. Edit: I wanted to add that I hadn't used traceroute because I knew it used ICMP protocol and wouldn't be necessarily be routed the same way as my TCP SSH packets. So tcptraceroute was new to me and I think it's going to be very useful!

1). Install tcptraceroute

This is on Mac, so I used homebrew to install the suggested formula: formulae.brew.sh/formula/tcptraceroute:

$ brew install tcptraceroute

2). Running tcptraceroute

$ sudo tcptraceroute github.com 22

I've included a snippet of trace that shows it stops with the ISP:

 6  bundle-ether10.win-core10.melbourne.telstra.net (203.50.11.123)  26.865 ms  26.183 ms  27.529 ms
 7  bundle-ether2.fli-core10.adelaide.telstra.net (203.50.6.228)  34.738 ms  32.591 ms  37.021 ms
 8  bundle-ether1.fli-edge901.adelaide.telstra.net (203.50.11.155)  33.344 ms  33.840 ms  32.964 ms
 9  * * *
10  * * *
11  * * *

3). Resolution with ISP

Before phoning the ISP, I checked the account settings. Disabling the default parental controls did the trick - ssh to github.com is restored!

The rules blocked only youtube.com and that wasn't working. It seems likely that the ISP's reboot of the connection after assigning the static IP caused a re-evaluation of the configured parental control rules.

No idea why https to github.com would be allowed and not ssh (or even why github.com was blocked), but there we go - problem solved.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.