Cannot SSH to github.com after changing to static IP
I've been using github.com for a long time, but just had my ISP switch my home internet to a static IP and now I can't SSH to github.
What happens with SSH?
The id_ed25519 key has just been re-generated. SSH just stops:
$ ssh -T -F ~/.ssh/config [email protected] -vvv
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/xxxx/.ssh/config
debug1: /Users/xxx/.ssh/config line 1: Applying options for *
debug1: Connecting to github.com port 22.
Wireshark shows it's not getting any return packets at all:
an screen capture of my wireshark showing TCP Retransmissions
So maybe SSH isn't allowed?
Maybe! But I can ssh to AWS EC2 instances fine from the same command prompt. No issues at all.
What else have I tried?
I can use SSH over HTTPS. For example, this...
ssh -T -p 443 [email protected]
...works fine and I can connect. But I need to know WHY plain ol' port 22 isn't working for me anymore.
What changed?
I asked my ISP to assign me a static IP. They've done this. It worked. Connections out from devices on my network appear to be coming from this new static IP they've assigned.
Content of ssh config
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
And as added bonus,
$ git config --list
credential.helper=osxkeychain
user.name=xxxx
[email protected]
core.autocrlf=input
Use tcp traceroute
Following Tero Kilkanen's advice, I installed tcptraceroute, which led to resolution of the problem. Edit: I wanted to add that I hadn't used traceroute
because I knew it used ICMP protocol and wouldn't be necessarily be routed the same way as my TCP SSH packets. So tcptraceroute
was new to me and I think it's going to be very useful!
1). Install tcptraceroute
This is on Mac, so I used homebrew to install the suggested formula: formulae.brew.sh/formula/tcptraceroute:
$ brew install tcptraceroute
2). Running tcptraceroute
$ sudo tcptraceroute github.com 22
I've included a snippet of trace that shows it stops with the ISP:
6 bundle-ether10.win-core10.melbourne.telstra.net (203.50.11.123) 26.865 ms 26.183 ms 27.529 ms
7 bundle-ether2.fli-core10.adelaide.telstra.net (203.50.6.228) 34.738 ms 32.591 ms 37.021 ms
8 bundle-ether1.fli-edge901.adelaide.telstra.net (203.50.11.155) 33.344 ms 33.840 ms 32.964 ms
9 * * *
10 * * *
11 * * *
3). Resolution with ISP
Before phoning the ISP, I checked the account settings. Disabling the default parental controls did the trick - ssh to github.com is restored!
The rules blocked only youtube.com and that wasn't working. It seems likely that the ISP's reboot of the connection after assigning the static IP caused a re-evaluation of the configured parental control rules.
No idea why https to github.com would be allowed and not ssh (or even why github.com was blocked), but there we go - problem solved.