As has been announced previously, inbound SSH connections will be blocked at the University's border firewall beginning September 30th. We understand that many of you support users who work with external collaborators, or provide billable services to external customers, where it would be better to leverage VPN access to continue to use SSH after the block rather than exempting the relevant systems from the block.
To enable these users via GlobalProtect VPN access after SSH is blocked at the campus firewall, you will need to do several things:
- These users will need an individual persistent Penn Community record with an active PGUE affiliation. Your school's Penn Community admins should know how to make this happen for you. Please note that these will require a DOB in addition to a first name and last name, but SSN is not required. For users who already exist in Penn Community, your PCOM admins can add an active PGUE affiliation to the existing record. (*Users who are University employees or students do not need additional affiliations in Penn Community. If you're unsure of the status of any individual, please submit a ticket using the Penn Community Request tile and include their PennID.)
- These users must enable and use Two-Step Verification with PennKey for authentication.
- You will need to add these users to an ad hoc group in PennGroups. ISC will create these groups in your individual school folders if your school/center needs one. These ad hoc groups will become member groups in the larger VPN group structure managed by ISC. If you need an ad hoc group to accommodate external collaborators, please submit a ticket using the PennGroups Request tile in Support Center and mention "external VPN users."
If you have any additional questions or don't know who your Penn Community administrators are, please contact help@isc.upenn.edu for assistance.