
Access the Institute Network

Access to the institute's network is possible via the ssh gateway: gw.him.uni-mainz.de

You can log in to the gateway using your public key, but not with username/password. 

Prepare your public key

If you know your public key - great. Send your public key via your university email account to it(at)him.uni-mainz.de

If there is no id_rsa.pub, you may need to create a key pair by entering:

ssh-keygen

You can accept the default values; the private and public keys will be stored in your ~/.ssh/ directory.

 

Connect the first time

Try out the following line, assuming your private key file sits in ~/.ssh/id_rsa.

 

ssh -J <username>@gw.him.uni-mainz.de -i ~/.ssh/id_rsa <username>@<hostname>.him.uni-mainz.de

 

Set up the Gateway as Jump Host

You don't need to enter the remote hostname manually each time you want to log in to your desktop. Instead, configure your ssh config file to use the gateway as a jump host. Look inside your ~/.ssh/ directory for a file called config. If it's not already there, create it:

nano ~/.ssh/config

And add entries for two hosts, which we will call work (your workstation) and gate (the gateway). Your config should look like this:

Host gate
  HostName gw.him.uni-mainz.de
  User <Uni-Mainz ID>
  ServerAliveInterval 15
  IdentityFile ~/.ssh/id_rsa

Host work
  HostName <hostname>.him.uni-mainz.de OR <IP>
  User <user name on that machine>
  ServerAliveInterval 5
  ProxyJump gate

The ProxyJump option is crucial here: it tells ssh to reach work through gate.

Please note that your public key must also be on your workstation in ~/.ssh/authorized_keys. Place it there in whatever way you prefer, or refer to your OS man pages. If that is set up correctly, you can ssh into your workstation at HIM by using

ssh work
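
One way to place the public key in ~/.ssh/authorized_keys on the workstation, as an added example that is not part of the original page. install_pubkey is a hypothetical helper; it refuses a private key file, sets the permissions sshd expects, and does not add the same key twice.

```bash
# Added example, not from the original page. install_pubkey is a hypothetical
# helper name. Usage on the workstation:
#   install_pubkey ~/id_rsa.pub ~/.ssh

install_pubkey() {
  local pub="$1" dir="$2" auth="$2/authorized_keys" line

  [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

  # Refuse anything that looks like a private key (PEM/OpenSSH armor).
  # The private key never leaves your own machine and is never e-mailed.
  if grep -q -- '-----BEGIN' "$pub"; then
    echo "refusing: $pub looks like a PRIVATE key" >&2
    return 2
  fi

  # Expect exactly one non-empty line: "<type> <base64 blob> [comment]".
  [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
  line=$(grep . "$pub")
  case "$line" in
    "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
    *) echo "unrecognised key type" >&2; return 3 ;;
  esac

  # With StrictModes (the sshd default), authorized_keys is ignored when the
  # directory or the file is writable by group or others.
  ( umask 077; mkdir -p "$dir"; touch "$auth" ) || return 4
  chmod 700 "$dir" && chmod 600 "$auth" || return 4

  # Idempotent: append only if this exact line is not present yet.
  grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```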

 

Notes

The gateway is regularly rebooted every Monday morning at 5 am.


 

Privacy

The basis for the temporary storage of user data is Art. 6(1)(f) GDPR (DSGVO).

Log files on the ssh gateway server are generally kept for no more than two weeks and document:

  • authentication data, i.e. IP address of the computer, username, especially failed attempts

These are necessary for security and debugging purposes.

All of the above data is only used for the purpose of providing the ssh gateway service and is not shared with a third party.