In theory we now have publicly-accessible public floating IPs available in codfw1-dev. I've added one to a VM and am attempting to access it from my local laptop -- I get 'connection refused.'
I've confirmed that ssh-server is running on that host (I can connect locally), and that vm has a security group of 'ALLOW IPv4 22/tcp from 0.0.0.0/0'
So... not sure if this is a networking thing or a config issue in openstack or on the VM. The fact that it's a connection refused and not a timeout suggests that ssh is actively rejecting the connection but I'm out of ideas.