Check network details
This article explains how to:
- check that your network domain is able to access JASMIN resources
- check that the particular host from which you are intending to connect to JASMIN has the required network configuration
Check network domain (non .ac.uk users)
In order to maintain a secure and reliable scientific infrastructure for its users, JASMIN restricts login access by maintaining an "allow list" of network domains which are allowed to make SSH connections to the JASMIN login gateways and data transfer servers.
All .ac.uk network domains (i.e. UK universities and "academic" institutions) are already registered.
If your institution's network domain is not .ac.uk, please request for it to be added to the allow list by contacting the CEDA Helpdesk, after reading the information in the following section about forward and reverse DNS lookup.
Check IP address resolves to network domain (all users)
In addition to being on the allow list there is an additional requirement that the address of your local computer must have forward and reverse DNS lookup enabled. This means that the hostname must resolve to an IP address, and the IP address must resolve to the fully-qualified hostname.
One easy way to do this is to access the following URL from the machine which will be used to make the SSH connection to JASMIN:
If you don't have a web browser on that machine, you can use the curl or wget commands to make an HTTP request to that URL, and inspect the output. A successful response will look like this:
External IP address: 220.127.116.116 Resolved to host: vpn-3-167.rl.ac.uk
Whereas an unsuccessful response will look like this:
External IP address: 18.104.22.1686 Reverse DNS lookup failed
If your IP address does not resolve, please contact your local IT technical support desk and show them this article to help explain the context.
It is important that the network domain to which the IP address resolves is part of the network domain which has been allowed. If there is no obvious relationship between the network domain of the host and that of your institution (derived from your email address), you may be asked to provide additional justification or your connection may be denied. Some institutions prefer not to provide public DNS listings: in this case please ask the technical support representative to contact the CEDA helpdesk on your behalf to see if a technical solution can be found.
This can be a problem if you attempt to connect directly from a commercial home or business internet service provider. Wherever possible, please connect to your institution (which is likely to be on the allow list already) before making an outgoing SSH connection to JASMIN a server.
As long as the IP address resolves to a fully-qualified hostname within the allowed domain, it does not matter whether the host has a static or dynamically-assigned (DHCP) IP address.
If you cannot obtain an IP address which resolves in this way, you may still be able to access (only)
jasmin-login2.ceda.ac.uk, which has been configured to enable access without the reverse DNS restriction. However, this is likely to be the only entry point available to you and will limit what you can do on JASMIN. Doing so can be useful as a temporary solution, but to gain full use of JASMIN you will need to have an IP address which resolves to the domain of your institution.