Öffnet in neuem Fenster Opens in a new window Öffnet externe Seite Opens an external site Öffnet externe Seite in neuem Fenster Opens an external site in a new window

Secure Shell

For secure connections from the Internet to the HZB Intranet, for example from a PC at home, there is access via Secure Shell (ssh).

Authentic server

You can be sure that really the addressed server answers and not a fraudster who wants to spy out your data.

Encrypted transfer

Only your program and the server see the plain text, no one else can read your password as you type it.

At the first connection, the addressed server presents a certificate, which is used in the following to encrypt the connection. Once you accept the certificate, your program will remember it for future connections and will not ask for it later. If you want to be absolutely sure, you can compare the electronic fingerprint of the certificate. For aditum.helmholtz-berlin.de the correct fingerprints are:

SHA256:     x+QDQcVKiMe6WuphQHqw75s9CdIH78D6gJdMtRplChg
MD5:     5b:9b:e3:59:4d:73:46:f3:85:33:82:7a:1d:a8:cc:4e

Secured channel/tunnel

You can use an existing connection to access services from servers in the intranet. The connection is then a tunnel for communication; several channels can also be transmitted together.

  • Secure copying with scp
  • Secure file transfer with sftp
  • Addressing internal web servers (request tracker, EVE, ...)
  • Forwarding X displays (Graphical applications of Linux/macOS systems)
  • Forwarding VNC sessions at Linux or macOS systems (remote screen)
  • Forwarding of Microsoft remote desktop connections (RDP) under Windows, also with file transfer/printer forwarding


ssh server at HZB

For external access to HZB via ssh there is only the general access server aditum.helmholtz-berlin.de and next to it the gateway for Microsoft Remote Desktop connections, rica.helmholtz-berlin.de. All other servers in the intranet of HZB are shielded by a firewall.


To sign in on aditum you need your HZB credentials as well as a SSH key pair. You can upload your public key on https://www.helmholtz-berlin.de/bin/extern-access. Also, you need to use the button „Activate usage“, which will toggle your permission to use aditum.

The computer aditum.helmholtz-berlin.de is a Linux system with limited functionality. From there you can establish an ssh connection on port 22022 to an intranet computer or use tunnels for further services.

Your home directory /net/home/USER is not available on aditum. Please also note, that apart from few exceptions all your data on aditum will be automatically removed after your last active SSH session on aditum has been terminated. If you “Deactivate usage“ on https://www.helmholtz-berlin.de/bin/extern-access, your aditum home directory /home/USER will be removed completely.