ssh to Web Host from static IP works -- will fail if change to dynamic IP?

Hi, Henry
Using ssh from a dynamic IP address works just fine but you have to use password authentication.
There's an interesting site here discussing a possible way to get around this limitation, but I haven't tried it out.

If you want to verify for yourself that ssh really works with a dynamic IP, you could visit a friend who buys internet access from a major carrier. Their IP address is most likely dynamic; I think you'll be able to do all you need.

I hope that helps!
Caleb

iMac g3 400MHz

SSH works from any IP address your machine is using. It does not care where you are.

The problem you're going to have isn't sshing to your web server. It's going to be finding it when it moves around.

Most hosted sites use static IP addresses so that you can use a consistent name and get to the site. If you're using a dynamic IP address, that address may change over time, making it hard to keep up with where it is.

Unless someone has gone out of their way to block SSH to unknown client iPS there isn't any issue with the SSH side of things, just with the web.

How do you propose keeping track of where your site is if you're on a dynamic IP?

Oh, I understood wrong. No, you can't reliably SSH into a machine on a dynamic IP.

You might consider setting your DNS to OpenDNS: http://opendns.com/ They have a built-in dynamic IP updater for registered users. Just log into your account and it will tell you your latest home IP address.

...or register for a free dynamic DNS host name with dyndns.com and download their dynDNSupdater application to install on your computer. Then you would connect to hen3ry.dyndns.com or whatever you chose from their many domain names for your host name, and since dynDNSupdater keeps their dns server apprised of changes in your public IP address, no problem. These guys also offer a number of paid services in which you may be interested.

Insofar as you logging in via ssh, you will get a warning message saying that your new IP address has been added to ~/.ssh/known_hosts on the remote client, but that's about it. I've been using dyndns for nearly three years.

I set up a cron job on the dynamic IP site that checks its IP address every hour and e-mails me what it is when it changes. Frequently, mine will go for maybe a week between changes, although sometimes I get hourly reports. You can always adjust the frequency of your cron job if this is a problem.

I'm unfamiliar with your first type of dynamic service. Regardless, if your users have no problem accessing your website and you maintain your site using the same host/domain names as your users, then you should have no ssh issues.

Oh! I thought you were asking about the gotchas involved with setting up a website on a dynamic IP address like on your home computer, and ssh'ing into it remotely for maintenance, like when you were on business travel or something -- NOT maintaining a website on some webhost's server someplace and wanting to ssh into your shell account there from home in order to maintain the site. So never mind about the dyndns stuff.

As Caleb, Gnarlodius, et.al, have stated or suggested, the website host isn't going to care what IP address you are ssh'ing into your shell account from. Dump the static IP and save yourself a few buck$.

And as Caleb suggested, as a test, got a friend with a Mac? Got one at work? Got an Apple store nearby? Pay them a visit, launch Terminal.app, and ssh to your shell account. Different IP address than at home, right? That would prove it to you.

(There could be one "gotcha" with such a test and that would be if the website/shell account host was also your internet provider. Conceivably, they could restrict shell account access to their servers to only come from IP addresses within their own block of IP addresses, so if you had a failure with this test, you'd want to use a friend's computer that had the same ISP as you do. But I've never heard of any ISP doing that. But think about it -- ssh was made to facilitate connections and protect traffic across the untrusted internet while preventing unauthorized access.)

(As an additional sidenote, I have my own little very-small-scale mail and file server -- itself on a dynamic IP address -- courtesy of the dyndns stuff I mentioned earlier -- running at home for the benefit of family members, the majority of which no longer live here. They tunnel their afp, imap, and smtp connections through secure shell (only my upstream MTA/MX agent is permitted access to my smtp port). They are all on dynamic IP addresses. When I am on business travel, Lord only knows what IP address I'll get at some hotel someplace. But I get in to my home computer via ssh no problem. It'll be no different with your webhost/shell account provider. Yes, the IP address that I, and any authorized remote client users have, gets logged, just as they will log yours.)

Again, bottom line? Save a few buck$. Dump the static IP.