SSH-RESTRICTED from OUTSIDE to ssh.aem.umn.edu and ssh2.aem.umn.edu, ONLY

The SSH port (22) is blocked from machines outside the Enet router to machines within the ME building. There are a couple of exceptions which include the SSH GATEWAYs

NOTE 1: you may use either one (they are equivalent machines which allow all users from both domains to log in)

NOTE 2: You do NOT need to use VPN to connect to the ssh gateways (they are available from everywhere).

If you want to ssh in FROM a machine that is NOT in the domains:

you must connect to an SSH GATEWAY. You may then ssh from the SSH GATEWAY to the machine you really want (the SSH GATEWAYs support pine and mutt).

This does not in any way affect the ability to use ssh between machines within the above domains, nor the ability to connect to outside machines from here.

As ssh seems to be a continuous target of exploit (and attempts to break in directly by guessing passwords) - we will block ssh to all but a select few machines on a permanent basis to reduce the need to update them all every time another exploit is found.

If you have a lab machine which is patched to the latest version of ssh, and need (you must have a good reason) to forgo the protection of making your connection first to an SSH GATEWAY and then to your machine, please contact us.

Enet enet@enet.umn.edu