SSH Gateway

As an alternative to VPN access, the URZ provides an SSH gateway for access to internal resources at the University via the SSH protocol. The gateway is used exclusively for connecting an SSH tunnel from a client outside of the university network to a system within the university network.

The fingerprint of our server’s public key is SHA256:1b0s7qTEHnJVPeSYCokxWEhQmZscUPYGlxMRRum1wHA

If your client system supports DNSSEC, you can enter the parameter

VerifyHostKeyDNS yes

into your local SSH configuration (~/.ssh/config). This makes the SSH client automatically compare the host key fingerprint presented by the server with the fingerprint published in our DNS.
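
Where DNSSEC validation is not available, the same comparison can be done by hand. The following is an added example, not code from the URZ: it computes the OpenSSH SHA256 fingerprint and the matching SSHFP record data from a public key line and compares the fingerprint with the one published above. The sample key is constructed for illustration and is not the gateway's key; the function names are assumptions of this example.

```python
import base64
import hashlib
import struct

# Fingerprint published on this page for the gateway's host key.
PUBLISHED = "SHA256:1b0s7qTEHnJVPeSYCokxWEhQmZscUPYGlxMRRum1wHA"

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4,
              "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3,
              "ecdsa-sha2-nistp521": 3}

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample key (NOT the gateway's real key): key bytes 0..31.
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
).decode() + " constructed-sample"

def key_blob(line: str):
    """Decode a "type base64 [comment]" line and return (type, raw blob)."""
    fields = line.split()
    if fields and fields[0] not in SSHFP_ALGO:
        fields = fields[1:]  # known_hosts / ssh-keyscan style: host name first
    if len(fields) < 2 or fields[0] not in SSHFP_ALGO:
        raise ValueError("not a recognised public key line")
    blob = base64.b64decode(fields[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type label does not match key blob")
    return fields[0], blob

def openssh_fingerprint(line: str) -> str:
    """SHA256:<unpadded base64 of SHA-256 over the key blob>, as ssh prints it."""
    digest = hashlib.sha256(key_blob(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_rdata(line: str) -> str:
    """SSHFP record data "<algorithm> 2 <hex>" (fingerprint type 2 = SHA-256)."""
    keytype, blob = key_blob(line)
    return f"{SSHFP_ALGO[keytype]} 2 {hashlib.sha256(blob).hexdigest()}"

def matches_published(line: str, published: str = PUBLISHED) -> bool:
    return openssh_fingerprint(line) == published

if __name__ == "__main__":
    print(openssh_fingerprint(SAMPLE_LINE), matches_published(SAMPLE_LINE))
    print("SSHFP", sshfp_rdata(SAMPLE_LINE))
```

A key line obtained for the gateway should make matches_published return True; the constructed sample returns False.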

Logging in at the SSH gateway

Login to the SSH gateway is only possible with the public key method. Send us your SSH public key by creating a ticket in Groupware’s ticket system.

Creating an SSH Tunnel

Although you can log in directly to the SSH gateway and then log in to your target system from there, this procedure has two disadvantages:

  1. If the target system requires public key authentication, this procedure will not work.
  2. If you want to transfer files, you will have to copy the data in two steps and there are local file system limits on the SSH gateway.

It is therefore recommended that you use an SSH tunnel.

Tunnel via the command line

The following command creates an SSH tunnel to the target system via the SSH gateway.

$ ssh -o VerifyHostKeyDNS=yes -J URZ-BENUTZERNAME@ssh-gateway.uni-greifswald.de BENUTZERNAME_IM_ZIELSYSTEM@FQDN-ZIELSYSTEM

Tunnel via configuration file

A configuration for the gateway and all servers that you would like to connect to via the gateway can be set up in the file ~/.ssh/config in the user’s home directory.

VerifyHostKeyDNS yes

Host ssh-gateway
    HostName ssh-gateway.uni-greifswald.de
    User URZ-BENUTZERNAME

Host ALIASNAME
    HostName FQDN-ZIELSYSTEM
    User BENUTZERNAME_IM_ZIELSYSTEM
    ProxyJump ssh-gateway

The SSH connection can now be set up via the allocated alias name. The first time you log in you will be asked to enter the password that matches your URZ username in order to connect with the SSH gateway (if you are not using the SSH public key method). Then you will be asked to enter the password of the user on the target system if public key authentication is not activated.

$ ssh ALIASNAME