SSH-Gateway

How to access and register at the ssh-gateway.

Info: OpenSSH 7.3 or later is required for the ProxyJump feature used below.

The SSH gateway is the interface between the institute's network and external networks. To prevent attacks on the institute's network, it is not possible to connect directly to any computer via SSH. The usual access to the KPH network is via the server "gate6". From there, an additional SSH connection can be established to any computer within the institute network.

To establish a connection with "gate6", you must first be officially and fully registered at the institute. Then all you need to do is send an e-mail from your JGU account to kph-it@uni-mainz.de with a request for activation and your public SSH key attached. You can find a quick guide on how to generate SSH keys here. In all other cases, the request for activation must be submitted with the involvement of the supervisor or the IT representative of the working group.

Once you are registered, you can connect to the SSH gateway. Here is a short ssh manual for more details:

  • The ProxyJump feature is used. On the command line it could look like this:

     ssh -J proxy@gate6.kph.uni-mainz.de <hostname>.kph.uni-mainz.de

  • If ProxyCommand was used before, your entry in ~/.ssh/config could now be as follows:

     Host <hostname>
         HostName <hostname>.kph.uni-mainz.de
         ProxyJump proxy@gate6.kph.uni-mainz.de

  • With this entry, your command line input looks like this:

     ssh [user@]<hostname>

  • If you just want to create an SSH tunnel, e.g. for RDP, the '-N' option prevents an explicit login:

     ssh -N -L 9999:<hostname>.kph.uni-mainz.de:3389 proxy@gate6.kph.uni-mainz.de
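The per-host entry and the tunnel command above can also be written once in ~/.ssh/config. This is an added example, not part of the original guide: the alias name kph-rdp is an assumption, and <hostname> is the same placeholder used above.

```sshconfig
# Added example for ~/.ssh/config (not from the original guide).

# Route every institute host through the gateway.
# The negated pattern excludes gate6 itself; without it the gateway
# would be told to jump through itself and the connection would loop.
# Host patterns match the name typed on the command line, so the
# full name <hostname>.kph.uni-mainz.de must be used with this block.
Host *.kph.uni-mainz.de !gate6.kph.uni-mainz.de
    ProxyJump proxy@gate6.kph.uni-mainz.de

# Tunnel-only alias (the name "kph-rdp" is hypothetical), equivalent to
#   ssh -N -L 9999:<hostname>.kph.uni-mainz.de:3389 proxy@gate6.kph.uni-mainz.de
# Start it with:  ssh -N kph-rdp
Host kph-rdp
    HostName gate6.kph.uni-mainz.de
    User proxy
    # Bind the local end to loopback only, so other machines on your
    # network cannot reach the forwarded RDP port.
    LocalForward 127.0.0.1:9999 <hostname>.kph.uni-mainz.de:3389
    # Exit instead of staying connected with a dead tunnel when
    # local port 9999 is already in use.
    ExitOnForwardFailure yes
    # A pure tunnel needs no terminal.
    RequestTTY no
```

Running `ssh -G <hostname>.kph.uni-mainz.de` prints the options ssh would actually use for that host without connecting, so you can confirm that the proxyjump line points at gate6.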

Secure copy (scp)

The command without the entry in ~/.ssh/config:

     scp [-r] -J proxy@gate6.kph.uni-mainz.de [user@]<hostname>.kph.uni-mainz.de:[source] [destination]

Use the option -r (recursive) to copy folders.

If you configured ~/.ssh/config as shown above, you can simply use the hostname (without .kph.uni-mainz.de) on the command line.

     scp [-r] [user@]<hostname>:[source] [destination]