Access the Institute Network
Access to the institute's network is possible via the ssh gateway: gw.him.uni-mainz.de
You can log in to the gateway using your public key, but not with username/password.
Prepare your public key
If you know your public key - great. Send your public key via your university email account to it(at)him.uni-mainz.de.
If there is no id_rsa.pub in your ~/.ssh/ directory, create a key pair by entering:
ssh-keygen
You can accept the default values; the private and public keys will be stored in your ~/.ssh/ directory.
Connect the first time
Try out the following line, assuming your private key file sits in ~/.ssh/id_rsa.
ssh -J <username>@gw.him.uni-mainz.de -i ~/.ssh/id_rsa <username>@<hostname>.him.uni-mainz.de
Set Up the Gateway as a Jump Host
You don't need to enter the remote hostname manually each time you want to log in to your desktop. Instead, configure your ssh config file to use the gateway as a jump host. Look inside your ~/.ssh/ directory for a file called config. If it's not already there, create it:
nano ~/.ssh/config
And add entries for two hosts, which we will call work (your workstation) and gate (the gateway). Your config should look like this:
Host gate
HostName gw.him.uni-mainz.de
User <Uni-Mainz ID>
ServerAliveInterval 15
IdentityFile ~/.ssh/id_rsa

Host work
HostName <hostname>.him.uni-mainz.de OR <IP>
User <user name on that machine>
ServerAliveInterval 5
ProxyJump gate
The ProxyJump option is crucial here: it tells ssh to reach work through gate.
Please note that your public key must also be on your workstation in ~/.ssh/authorized_keys. Place it there in whatever way you prefer or refer to your OS man pages. If that is set up correctly, you can ssh into your workstation at HIM by using:
ssh work
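To confirm the jump-host setup before connecting, the following added example (not part of the original page) checks the output of ssh -G, which prints the options ssh resolves for an alias and exits without opening a connection. The function names are hypothetical, and the sample output, the user name jdoe and the host name pc01 are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): check the options ssh resolves
# for a Host alias. Feed it the output of `ssh -G <alias>`, which prints the
# effective client configuration and exits without connecting:
#   ssh -G work | check_resolved work gate
#   ssh -G gate | check_resolved gate ""    # the gateway is reached directly

# get_opt KEY: print the value of the first "key value" line read from stdin.
get_opt() {
    awk -v k="$1" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
}

# check_resolved ALIAS JUMP: return 0 if the resolved options on stdin show
# that a HostName was applied to ALIAS and that the connection goes through
# JUMP (an empty JUMP means no jump host is expected). One line per finding.
check_resolved() {
    alias_name=$1 want_jump=$2 rc=0
    resolved=$(cat)
    host=$(printf '%s\n' "$resolved" | get_opt hostname)
    jump=$(printf '%s\n' "$resolved" | get_opt proxyjump)
    if [ -z "$host" ] || [ "$host" = "$alias_name" ]; then
        echo "FAIL: no HostName applied to '$alias_name' (Host block not in effect?)"
        rc=1
    fi
    if [ "$jump" != "$want_jump" ]; then
        echo "FAIL: proxyjump is '${jump:-none}', expected '${want_jump:-none}'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $alias_name -> $host via ${jump:-direct connection}"
    return "$rc"
}

# Constructed, abridged sample of `ssh -G work` output for a working config.
sample_work='user jdoe
hostname pc01.him.uni-mainz.de
port 22
serveraliveinterval 5
proxyjump gate'

# Constructed sample for a config in which the "Host work" block never took effect.
sample_broken='user jdoe
hostname work
port 22'

printf '%s\n' "$sample_work" | check_resolved work gate
printf '%s\n' "$sample_broken" | check_resolved work gate || true
```

A FAIL for work usually means the Host work line or its ProxyJump line is missing or malformed in ~/.ssh/config.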
Notes
The gateway is regularly rebooted every Monday morning at 5 am.
Privacy
The basis for the temporary storage of user data is Art. 6(1)(f) GDPR (DSGVO).
Log files on the ssh gateway server are generally kept for no more than two weeks. They document:
- authentication data, i.e. IP address of the computer, username, especially failed attempts
These are necessary for security and debugging purposes.
All of the above data is only used for the purpose of providing the ssh gateway service and is not shared with a third party.