I was referring not to my own situation but to the situations of others.
don't have the luxury of an always-on box at home, aka a "server"?
Not everybody has the luxury of an unlimited electricity budget to keep a box at home from going to sleep after 30 minutes of lack of input.
Seriously, any old piece of crap system will work and you can use the free dyndns.com service to keep the IP resolvable to static hostname.
But will the SSH server implementing a default deny policy know to check the free dyndns.com service to see which IP addresses are allowed to connect? If so, all you've done is added the length of your dyndns.com account's password to your SSH password. And the last time I used a free service similar to dyndns.com, I got a monthly e-mail asking me to click through and solve a CAPTCHA within the next seven days to keep the name active.
Also, I've never had an ISP block any incoming ports other than port 80 or 25.
Not everybody has the luxury of a home ISP that allows 60,000+ different incoming ports. Some ISPs don't even give home customers a dynamic IPv4 address; all outgoing connections pass through a carrier-grade NAT, and all incoming connections are refused.