Check network details

This article explains how to:

  • check that your network domain is able to access JASMIN resources
  • check that the particular host from which you are intending to connect to JASMIN has the required network configuration

Check network domain (non .ac.uk users)

In order to maintain a secure and reliable scientific infrastructure for its users, JASMIN restricts login access by maintaining a "whitelist" of network domains which are allowed to make SSH connections to the JASMIN login gateways and data transfer servers.

All .ac.uk network domains (i.e. UK universities and "academic" institutions) are already registered.

If your institution's network domain is not .ac.uk, please request for it to be added to the whitelist by contacting the CEDA Helpdesk, after reading the information in the following section about forward and reverse DNS lookup.

Check IP address resolves to network domain (all users)

In addition to being on the whitelist there is an additional requirement that the address of your local computer must have forward and reverse DNS lookup enabled. This means that the hostname must resolve to an IP address, and the IP address must resolve to the fully-qualified hostname.  

One easy way to do this is to access the following URL from the machine which will be used to make the SSH connection to JASMIN:

https://accounts.jasmin.ac.uk/services/reverse_dns_check/

If you don't have a web browser on that machine, you can use the curl or wget commands to make an HTTP request to that URL, and inspect the output. A successful response will look like this:

External IP address: 130.246.123.456
Resolved to host: vpn-3-167.rl.ac.uk

Whereas an unsuccessful response will look like this:

External IP address: 130.246.123.456 
Reverse DNS lookup failed

It is important that the network domain to which the IP address resolves is part of the network domain which has been whitelisted. If there is no obvious relationship between the network domain of the host and that of your institution (derived from your email address), you may be asked to provide additional justification or your connection may be denied.

This can be a problem if you attempt to connect directly from a commercial home or business internet service provider. Wherever possible, please connect to your institution (which is likely to be whitelisted already) before making an outgoing SSH connection to JASMIN a server.

As long as the IP address resolves to a fully-qualified hostname within the whitelisted domain, it does not matter whether the host has a static or dynamically-assigned (DHCP) IP address.

Still need help? Contact Us Contact Us