Secure Shell

For secure connections from the Internet to the HZB Intranet, for example from a PC at home, there is access via Secure Shell (ssh).

Authentic server

You can be sure that really the addressed server answers and not a fraudster who wants to spy out your data.

Encrypted transfer

Only your program and the server see the plain text, no one else can read your password as you type it.

At the first connection, the addressed server presents a certificate, which is used in the following to encrypt the connection. Once you accept the certificate, your program will remember it for future connections and will not ask for it later. If you want to be absolutely sure, you can compare the electronic fingerprint of the certificate. For is the correct fingerprint:


Secured channel/tunnel

You can use an existing connection to access services from servers in the intranet. The connection is then a tunnel for communication; several channels can also be transmitted together.

  • Secure copying with scp
  • Secure file transfer with sftp
  • Addressing internal web servers (request tracker, EVE, ...)
  • Forwarding X displays (Graphical applications of Linux/macOS systems)
  • Forwarding VNC sessions at Linux or macOS systems (remote screen)
  • Forwarding of Microsoft remote desktop connections (RDP) under Windows, also with file transfer/printer forwarding


ssh server at HZB

For external access to HZB via ssh there is only the general access server and next to it the gateway for Microsoft Remote Desktop connections, All other servers in the intranet of HZB are shielded by a firewall.

To log in you need a HZB-ID and a special password, also called external password for differentiation.

The computer is a Linux system with limited functionality. From there you can establish an ssh connection to an intranet computer or use tunnels for further services.

The local storage space (under /home) is limited. Your home directory in the intranet is only accessible via another connection (tunnel+sftp).