SSH-Gateway

How to access and register at the ssh-gateway.

Info: at least openssh 7.3 is required

The SSH gateway is the interface between the institutes network and external networks. To prevent attacks on the institutes network, it is not possible to connect directly to any computer via ssh. The usual access to the KPH network is via the server "gate6". This makes it possible to establish an additional SSH connection to any computer within the institute network.

To establish a connection with "gate6" you have to register first.
To do this, you just have to send an e-mail to kph-it@uni-mainz.de with the request for activation and your SSH-public-key attached. You can find here a brief instruction on how to create ssh-key pairs.

Once you are registered, you can connect to the SSH gateway. Here is a short ssh manual for more details:

  • The ProxyJump feature is beeing used. For the command line it could look like this:

     ssh -J proxy@gate6.kph.uni-mainz.de <hostname>.kph.uni-mainz.de

  • If ProxyCommand was used before, your entry in ~/.ssh/config could now be as follows:

     Host <hostname>
         HostName <hostname>.kph.uni-mainz.de
         ProxyJump proxy@gate6.kph.uni-mainz.de

  • With the entry your command line input looks like this:

     ssh [user@]<hostname>

  • If you just want to create a ssh tunnel, e.g. for RDP, the '-N' option prevents an explicit login:

     ssh -N -L 9999:<hostname>.kph.uni-mainz.de:3389 proxy@gate6.kph.uni-mainz.de

Secure copy (scp)

The command without the entry in ~/.ssh/config:

scp [-r] -J proxy@gate6.kph.uni-mainz.de [user@]<hostname>.kph.uni-mainz.de:[source] [destination]

Use the option -r (recursive) to copy folders.

If you configured ~/.ssh/config as shown above you can feed the command line simply with the hostname (without .kph.uni-mainz.de).

scp [-r] [user@]<hostname> [source] [destination]