If you can't ssh to feynman
In order to limit the exposure of feynman server to hackers, we require that the user must originate ssh connection of one of the trusted domains. Our expanding list of such domains includes AC, EDU, GOV, ORG, most of ISPs in Princeton area and several other collaborating institutions like CERN, KEK, ICTP, INFN, ENS, IN2P3... If your ISP has acquired a new IP range that is not in our trusted domains list, please send us the IP address allocated to you at the time you try to ssh to feynman. To do this easiet would be to visit http://helpdesk.princeton.edu and look for You are connected from... at the bottom of the page. Send us the IP, and the exact time you tried to ssh.
For security reasons our ssh server performs a reverse lookup DNS query, if it fails then sshd will drop the connection request. It is ISP's responsibility to keep their DNS uptodate and reply to our DNS queries. PATMEDIA has been particularly slacking on this. You as a customer can demand from your ISP to meet their obligations.
Please remember, you can also VPN to Princeton (in fact, any of our above listed trusted domains) and then ssh to feynman. This should always work for almost all the potential users of feynman. Instructions for how to setup VPN on your laptop or home machine for various Operating Systems, please see: http://kb.princeton.edu/6023. However, there are some caviates associated with VPN:
- It may slow down your network as all the traffic is routed through the VPN server.
- If you have a private home network that shares one public IP among multiple hosts, only one may use the VPN sevice at a time.
- Some ISPs may not allow VPN traffic or may charge higher subscription fees to use the service.