Secure Shell
For secure connections from the Internet to the HZB Intranet, for example from a PC at home, there is access via Secure Shell (ssh).
Authentic server
You can be sure that really the addressed server answers and not a fraudster who wants to spy out your data.
Encrypted transfer
Only your program and the server see the plain text, no one else can read your password as you type it.
At the first connection, the addressed server presents a certificate, which is used in the following to encrypt the connection. Once you accept the certificate, your program will remember it for future connections and will not ask for it later. If you want to be absolutely sure, you can compare the electronic fingerprint of the certificate. For aditum.helmholtz-berlin.de the correct fingerprints are:
SHA256: x+QDQcVKiMe6WuphQHqw75s9CdIH78D6gJdMtRplChg
and
MD5: 5b:9b:e3:59:4d:73:46:f3:85:33:82:7a:1d:a8:cc:4e
Secured channel/tunnel
You can use an existing connection to access services from servers in the intranet. The connection is then a tunnel for communication; several channels can also be transmitted together.
- Secure copying with scp
- Secure file transfer with sftp
- Addressing internal web servers (request tracker, EVE, ...)
- Forwarding X displays (Graphical applications of Linux/macOS systems)
- Forwarding VNC sessions at Linux or macOS systems (remote screen)
- Forwarding of Microsoft remote desktop connections (RDP) under Windows, also with file transfer/printer forwarding
ssh server at HZB
For external access to HZB via ssh there is only the general access server aditum.helmholtz-berlin.de and next to it the gateway for Microsoft Remote Desktop connections, rica.helmholtz-berlin.de. All other servers in the intranet of HZB are shielded by a firewall.
aditum.helmholtz-berlin.de
To sign in on aditum you need your HZB credentials as well as a SSH key pair. You can upload your public key on https://www.helmholtz-berlin.de/bin/extern-access. Also, you need to use the button „Activate usage“, which will toggle your permission to use aditum.
The computer aditum.helmholtz-berlin.de is a Linux system with limited functionality. From there you can establish an ssh connection on port 22022 to an intranet computer or use tunnels for further services.
Your home directory /net/home/USER is not available on aditum. Please also note, that apart from few exceptions all your data on aditum will be automatically removed after your last active SSH session on aditum has been terminated. If you “Deactivate usage“ on https://www.helmholtz-berlin.de/bin/extern-access, your aditum home directory /home/USER will be removed completely.