@tomsawyer2k5 yeah it has zero to do with pfsense.. Unless you blocking outbound access on 22, or to that IP..
Here is what I get when I try and talk to that fqdn..
I would use say putty and try and connect, I get a login prompt..
putty.jpg
If you don't get a login prompt that your having a connectivity problem, ie maybe your blocking outbound? They are blocking or just can't get there.. I would then try to login with the creds you have..
Yeah their support is clueless it seems - no you would not setup a "port forward" on your end to talk to them.. Do you setup port forwards to talk to www.google.com - same principle!! just different port..
If you get prompted for username - then your connecting, and either you don't have valid creds, or they have an issue ... But a prompt for login validates that your talking to their server on 22, and you have exchanged the keys and agreed upon proper cipher etc.. that makes the ssh connection secure..
edit:
So vs using putty I used just cmd line ssh so I could get a better idea of what they are using, etc. And they are using a deprecated host key ssh-rsa is old, etc..
Unable to negotiate with 69.2.197.40 port 22: no matching host key type found. Their offer: ssh-rsa
I had to allow for that and then I could connect.. Putty doesn't seem to be as strict current openssh client
$ ssh -v -oHostKeyAlgorithms=+ssh-rsa root@sshftp.zirmed.com
OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024
debug1: Connecting to sshftp.zirmed.com [69.2.197.40] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version 7.9.0.0_openssh Globalscape
debug1: compat_banner: no match: 7.9.0.0_openssh Globalscape
debug1: Authenticating to sshftp.zirmed.com:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_GROUP received
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: SSH2_MSG_KEX_DH_GEX_REPLY received
debug1: Server host key: ssh-rsa SHA256:oZomcIzaNx+A43aULWENk1VplP1DGIR8p2cYqpnaY+4
The authenticity of host 'sshftp.zirmed.com (69.2.197.40)' can't be established.
RSA key fingerprint is SHA256:oZomcIzaNx+A43aULWENk1VplP1DGIR8p2cYqpnaY+4.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'sshftp.zirmed.com' (RSA) to the list of known hosts.
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
(root@sshftp.zirmed.com) Enter password:
You can see they are running "remote software version 7.9.0.0_openssh Globalscape"
and got through all the key exchanges and selections for encryption, etc. And asking me to auth..