Check network details
This article explains how to:
- check that your network domain is able to access JASMIN resources
- check that the particular host from which you are intending to connect to JASMIN has the required network configuration
Check network domain (non .ac.uk users)
In order to maintain a secure and reliable scientific infrastructure for its users, JASMIN restricts login access by maintaining a "whitelist" of network domains which are allowed to make SSH connections to the JASMIN login gateways and data transfer servers.
All .ac.uk network domains (i.e. UK universities and "academic" institutions) are already registered.
If your institution's network domain is not .ac.uk, please request for it to be added to the whitelist by contacting the CEDA Helpdesk, after reading the information in the following section about forward and reverse DNS lookup.
Check IP address resolves to network domain (all users)
In addition to being on the whitelist there is an additional requirement that the address of your local computer must have forward and reverse DNS lookup enabled. This means that the hostname must resolve to an IP address, and the IP address must resolve to the fully-qualified hostname. You can check your configuration by:
- finding the fully-qualified host name of your machine
- finding the IP address of your machine
- performing a lookup to check that the IP address resolves to the fully-qualified hostname
- performing a lookup to check that the hostname resolves to the same IP address
Linux and Mac users, or Windows users with MobaXterm should be able to achieve this with the following commands: (Other methods can also be used, see below)
$ hostname -f myhost.mydomain.ac.uk
The fully-qualified host name returned is
Next, find the IP address of your machine.
$ hostname -i 123.456.78.890
Mac users may not have the
-i argument available with the
hostname command. However the IP address can be found either by inspecting the output of the
ifconfig command, or from System Preferences / Network. Another alternative is to do a Google search (from the machine in question) for "my ip address".
Next, use the
nslookup command to check if the IP address resolves to a host name:
$ nslookup 123.456.78.890 Server: 18.104.22.168 Address: 22.214.171.124#53 123.456.78.890.in-addr.arpa name = myhost.mydomain.ac.uk
The above is an example of where the IP address does resolve. Below is an example of where the hostname does not resolve:
$ nslookup 123.456.78.890 Server: 126.96.36.199 Address: 188.8.131.52#53 ** server can't find 123.456.78.890.in-addr.arpa.: NXDOMAIN
In the latter case, you would need to ask your local system administrator to ensure that your machine "has forward and reverse DNS lookup enabled" (ask them to consult this documentation if necessary). Then, once enabled, repeat the test.
To ensure that the lookups are valid externally (beyond your organisation's internal network), you should also check with tools such as the DNS Lookup and Reverse Lookup tools at mxtoolbox.com.
It is important that the network domain to which the IP address resolves is part of the network domain which has been whitelisted. If there is no obvious relationship between the network domain of the host and that of your institution (derived from your email address), you may be asked to provide additional justification or your connection may be denied.
This can be a problem if you attempt to connect directly from a commercial home or business internet service provider. Wherever possible, please connect to your institution (which is likely to be whitelisted already) before making an outgoing SSH connection to JASMIN a server.
As long as the IP address resolves to a fully-qualified hostname within the whitelisted domain, it does not matter whether the host has a static or dynamically-assigned (DHCP) IP address.