How to SSH to computer with both public and private IPs using DDNS

Question

I have a Mac laptop (computer A) running OS X el capitan that I would like to remotely access with SSH. Since the computer is always on my school network, I cannot get a static, public IP address. After doing research, I've learned that I can

1. set mac os x to request a certain private IP on my school network
2. use ddclient to always update the public IP my computer has to nsupdate.info such that a static url always points to computer A

As mentioned before, computer A is on my school network. How can I use my computer (computer B) on my home network, which is far from my school, to ssh into computer A?

Let's say I have set computer A to configure IPv4 using DHCP with manual IP address 172.27.133.200 and to use ddclient to update testurl.nsupdate.info to always point to the public IP address of computer A. Is there a command that would use these two addresses such that I can connect, e.g. (conceptually)

userOnComputerB$ ssh userOnComputerA@172.27.133.200@testurl.nsupdate.info

I also welcome other solutions that work within the confines of the problem. I have consulted other questions involving reverse tunneling and port forwarding, but don't see how they apply to this, because I think I do not have any control over the port forwarding of my school network routers.

Lastly, if a command like the one above is not possible, what is the technical or ssh design reason why such a command is not possible?

Answer 1

When you SSH to testurl.nsupdate.info the connection will terminate at your school's firewall (or other device which implements NAT for your internal IP 172.27.133.200). The firewall will not know that this needs to be forwarded to your internal IP, unless the firewall admin had configured port forwarding but as you say, you have no control over that.

If you think of it, the firewall's mean reason for existence is exactly to prevent someone on the outside to be able to connect to a device on the inside (except those connections that the firewall admin approved).

However, typically the firewall does allow your internal device to SSH to the outside, so then you could use that outbound SSH connection to tunnel an inbound connection, which is explained in questions involving reverse tunneling that you mentioned. Just read this while keeping in mind that "lappy" is your school computer and "remotey" your home computer.