Cannot SSH to github.com after changing to static IP

ssh networking github mac-osx static-ip

I've been using github.com for a long time, but just had my ISP switch my home internet to a static IP and now I can't SSH to github.

What happens with SSH?

The id_ed25519 key has just been re-generated. SSH just stops:

$ ssh -T -F ~/.ssh/config [email protected] -vvv

OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/xxxx/.ssh/config
debug1: /Users/xxx/.ssh/config line 1: Applying options for *
debug1: Connecting to github.com port 22.

Wireshark shows it's not getting any return packets at all:

an screen capture of my wireshark showing TCP Retransmissions

So maybe SSH isn't allowed?

Maybe! But I can ssh to AWS EC2 instances fine from the same command prompt. No issues at all.

What else have I tried?

I can use SSH over HTTPS. For example, this...

ssh -T -p 443 [email protected]

...works fine and I can connect. But I need to know WHY plain ol' port 22 isn't working for me anymore.

What changed?

I asked my ISP to assign me a static IP. They've done this. It worked. Connections out from devices on my network appear to be coming from this new static IP they've assigned.

Content of ssh config

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

And as added bonus,

$ git config --list
credential.helper=osxkeychain
user.name=xxxx
[email protected]
core.autocrlf=input

Use tcp traceroute

Following Tero Kilkanen's advice, I installed tcptraceroute, which led to resolution of the problem. Edit: I wanted to add that I hadn't used traceroute because I knew it used ICMP protocol and wouldn't be necessarily be routed the same way as my TCP SSH packets. So tcptraceroute was new to me and I think it's going to be very useful!

1). Install tcptraceroute

This is on Mac, so I used homebrew to install the suggested formula: formulae.brew.sh/formula/tcptraceroute:

$ brew install tcptraceroute

2). Running tcptraceroute

$ sudo tcptraceroute github.com 22

I've included a snippet of trace that shows it stops with the ISP:

 6  bundle-ether10.win-core10.melbourne.telstra.net (203.50.11.123)  26.865 ms  26.183 ms  27.529 ms
 7  bundle-ether2.fli-core10.adelaide.telstra.net (203.50.6.228)  34.738 ms  32.591 ms  37.021 ms
 8  bundle-ether1.fli-edge901.adelaide.telstra.net (203.50.11.155)  33.344 ms  33.840 ms  32.964 ms
 9  * * *
10  * * *
11  * * *

3). Resolution with ISP

Before phoning the ISP, I checked the account settings. Disabling the default parental controls did the trick - ssh to github.com is restored!

The rules blocked only youtube.com and that wasn't working. It seems likely that the ISP's reboot of the connection after assigning the static IP caused a re-evaluation of the configured parental control rules.

No idea why https to github.com would be allowed and not ssh (or even why github.com was blocked), but there we go - problem solved.

Related

puppet parameterised classes
"Access is denied" message after logging in to windows 2012 r2 via remote desktop
How to force Docker to rerun `apt-get update`?
Why can I change the the reserved blocks on a read only mounted ext4 filesystem?
opendkim: Restore /etc/default/opendkim to original values
How do I tell if a site is using CloudFlare reverse proxy services?
NGINX - Send request to backend if the request is coming from a crawler/bot
SSL issues "Peer's certificate issuer has been marked as not trusted by the user."
How to configure notification on degraded RAID? [closed]
Why am I unable to access my website after installing an SSL certificate using Certbot? (running Ubuntu and Nginx)
Can't run docker in Centos 7
Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome