Using PuTTY to access HZB internal computers via SSH tunnel (Windows)

Almost no HZB computers can be reached via SSH from outside the HZB network. With a valid HZB account you can establish a tunnel to these computers from outside HZB through an encrypted connection via the HZB gateway computer aditum.helmholtz-berlin.de. You then connect to a port on your local PC and thereby reach the port of a remote computer through the tunnel.

All you need is…

… your HZB credentials on the host aditum.helmholtz-berlin.de and additionally an SSH key for authentication. You need to upload your public key to https://www.helmholtz-berlin.de/bin/extern-access. If you do not have an SSH key pair yet, please follow the tutorial to create one.

… the name of the computer and the port number you want to access.

… a suitable program to create the tunnel. For Windows we recommend installing PuTTY from the Softwarecenter.

Enter aditum.helmholtz-berlin.de as hostname. The SSH port on aditum is not 22, but 22022. SSH protocol is preset by default. Under SSH -> Auth you will need to browse for your private key which is stored in the .ppk file format.

Save the settings under any session name so that you can reuse them in the future without re-entering them each time. To use saved settings, highlight the session and click Load. Any changes, including any new tunnel you set up, should always be saved here for use in future sessions.

Connections can be made faster if you select "Enable Compression" under Connection -> SSH.

Click Open (or Apply if you already have an open session).

The first time you connect, you must accept the host key of the remote host aditum.helmholtz-berlin.de. The fingerprint shown for aditum should match one of the valid values below.

Valid fingerprint values are

SHA256:     x+QDQcVKiMe6WuphQHqw75s9CdIH78D6gJdMtRplChg
or respectively
MD5:     5b:9b:e3:59:4d:73:46:f3:85:33:82:7a:1d:a8:cc:4e
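
The fingerprint comparison above can also be scripted. The following Python sketch is an added example, not part of the original HZB instructions: it derives both fingerprint formats from an OpenSSH-format host key line and checks them against the values published above. The function names are chosen here, and the sample key line is constructed for illustration (it is not aditum's real host key).

```python
import base64
import hashlib

# Fingerprints published on this page for aditum.helmholtz-berlin.de.
PINNED = {
    "SHA256:x+QDQcVKiMe6WuphQHqw75s9CdIH78D6gJdMtRplChg",
    "MD5:5b:9b:e3:59:4d:73:46:f3:85:33:82:7a:1d:a8:cc:4e",
}

def key_blob(pubkey_line):
    """Extract the raw key blob from '[host] <key-type> <base64> [comment]'."""
    fields = pubkey_line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, so not the blob field
            continue
        # A genuine blob starts with a length-prefixed copy of the key type.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == key_type.encode():
            return blob
    raise ValueError("no SSH public key blob found")

def fingerprints(blob):
    """Return the SHA256 (unpadded base64) and MD5 (colon hex) fingerprints."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    pairs = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    return {"SHA256:" + sha, "MD5:" + pairs}

def is_pinned_host_key(pubkey_line, pinned=PINNED):
    """True only if the key matches one of the published fingerprints."""
    return bool(fingerprints(key_blob(pubkey_line)) & set(pinned))

def constructed_sample_line():
    """Constructed sample (NOT aditum's real key): ed25519 blob of zero bytes."""
    t = b"ssh-ed25519"
    blob = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + bytes(32)
    return "[aditum.helmholtz-berlin.de]:22022 ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    line = constructed_sample_line()
    print(sorted(fingerprints(key_blob(line))))
    # The constructed key is not the real host key, so this prints False.
    print("matches published fingerprint:", is_pinned_host_key(line))
```
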

Enter your HZB credentials in the newly opened console window to log in.

Different examples of using connections through a tunnel

Right-click the title bar of the console window and select the menu item Change Settings... to return to the settings.

Open Connection -> SSH -> Tunnels

Create a connection via a tunnel, where you access a remote port of an HZB-internal computer by connecting to a local port. Always choose a local port number greater than 1024 and less than or equal to 65535.

You may establish different connections via a single tunnel.

Example 1: Accessing a web page of an internal computer, e.g. TYPO3

For example, if you want to edit HZB web pages in the content management system TYPO3, this is usually not possible externally. But by establishing a tunneled connection you can access TYPO3 from outside HZB.

Select a source port on the local host, in this example 8080. Specify the destination computer (the CMS) and the web port 80. Click Add to add and Apply to apply the settings for the existing session.

For editing Web pages in CMS with TYPO3 you now type the following URL in your browser.

Example 2: Copying files from your home directory at HZB

Usually the home directories are not externally accessible. For example, if you want to transfer files from your home directory to your PC at home, you can use a tunnel and exchange files with a program such as "WinSCP".

Select a source port on the local host, in this example 2222. As destination enter the name of a suitable Linux host, in the example dinux5, and the SSH port 22. Click Add to add and Apply to apply the settings for the existing session.

Now you may use a program like WinSCP to copy files via SSH. Connect to the local port 2222, enter your internal HZB account and click Login.

You are now connecting directly to the SSH port on the HZB-internal computer dinux5 via the previously established tunnel and you may access your files in your home directory.

On the left side of the window you can see your local directory, on the right you can see your home directory. You can now copy files by dragging them with the mouse.

Example 3: Accessing an internal computer via Remote Desktop

Choose a local source port >1024, in the example 10000. Enter the name of the remote computer and the RDP port 3389 as destination. Click Add to add the tunnel to your settings and Apply to apply the settings for the current session, if you already have one open.

Start your Remote Desktop Connection to port 10000 on your local PC; the connection will be tunneled to the RDP port on the destination host.

The first time you connect, you must accept the certificate once.