Information about the MI network

You can reach IT support via Mail as, in urgent cases also via phone, working days 9am to 4pm (3pm on fridays) at -7773.



If you need a new account, please send us an email including the following Information:

  • First and last names
  • Your preferred username (max. 8 characters, consisting of the letters a to z), otherwise we will assign you a username constructed from your name
  • Room number
  • Telephone number
  • Your manager, if applicable
  • Your status (e. g. postdoc, secretary)

We will send you, as soon as possible, your temporary password via email.


Your data is located on a central file server, secured by a RAID system. A (non versioned) backup is copied every night, to a server in a different location (“Rechenzentrum”). Please handle your data with care.

Shared Data

It is possible for a work group to share data. Work groups and shared folders can be setup on request. Furthermore, a shared www folder can be set up for publishing group results. If you need such a group account, please send us an email, and provide the following information: Head of the work group, the required folders and the names of the work group members.


With the command passwd (in a terminal) you can change your password (At the time of this writing, this only works on the desktop computers and not on the login servers).


Recently users received an increasing amount of phishing emails—unfortunately we can't do much about it. More information about phishing can be found on the website of the data processing center.


Every user has a certain maximum amount of storage available

An explanation of the amount of available storage is available here. Furthermore you will be warned via email if you have exceeded or are about to exceed your quota.

You may read about why quotas were introduced here. and why we can't simply buy larger hard disks here .

Publishing Webpages

Every home directory contains a folder named www. This folder is meant to be used to publish your web pages. Please make sure that your files are readable for others (the files have to be readable either for the group www or for everybody).

A guide on how to use the design of the institute for your personal pages can be found here

If you want to make web pages only available to certain people, there are two ways to achieve this:

  • You generate a folder with a “cryptic” name and put your files in there.
  • You create an auth directory containing a .htpasswd file..

Example for a cryptic folder name: Generate a folder www/ASJDHu9z2sjja87 and then put your file secret.pdf in there. This file is only accessible under Those who do not know the exact link will not be able to find or access the file. This method has the same level of security as a password! (Just make sure that you either have an index-file in your www folder or adjust the file rights of your www folder (the folder must not be readable for www and others) — otherwise people can get a listing of the contents of your www folder).

Example for auth directories: Create a folder www/auth (the folder has to be placed on the top level of your www directory). Then create a .htpasswd file in that folder (or in a sub folder if you want to have different permissions for different folders), e.g. with thtpasswd -c ~/www/auth/.htpasswd desiredusername on the command-line. Additional pairs of username and password can be created by omitting the -c flag.

Character Encoding

All information about the character encodings (e.g. UTF-8 and Latin1) are located on a separate page.

When leaving the Mathematical Institute

When you are leaving the Mathematical Institute, you are welcome to keep your account for a transitional period (e.g. for saving your data or publishing your new email address).

If you like, we can configure a forwarding mechanism for you for both your email and your webpage. This forwarding mechanism is also only ment for a transitional period and we cannot guarantee its existence in the distant future (eg the account might be needed for different purposes).

Should you decide to use the forwarding mechanism for your webpages you have two choices. In the first case, all websubpages are redirected to the same new webpage. In the second case, websubpages are redirected to websubpages of the same name on the new website.

You should secure all you data including emails (the latter eg by drag-and-drop in thunderbird).

Your account will be closed definately at a later point in time (eg due to a file server migration or similar).

Desktop Computers

Operating System and Programs

All desktop computers usually run a stable or LTS version of Debian GNU/Linux. Currently the version “Stretch” (i. e. Debian 9) is installed.

When you log in on any desktop computer you are going to see the LXQT Desktop Environment and a set of common applications installed. Should you require any application that is not installed, please let us know via email. We will try to find out if there are already installed alternatives and if it is expedient to install that application on all desktop computers.
Some idiosyncrasies (configuration/behaviour) of the installed software are listed on a separate page.
It is also possible to shut down computers, to save energy and extend their lifetime.

UI Language

In order to change your UI language, you need to edit the hidden file .locale in your home directory. You can do so by pressing Alt+F2 and entering mousepad .locale in the prompt.
After pressing Enter, an editor window will open, showing export LANG=de_DE.UTF-8 or export LANG=en_GB.UTF-8. This is where you set your language:
export LANG=en_GB.UTF-8 sets your system to english, export LANG=de_DE.UTF-8 to german and export LANG=fr_FR.UTF-8 to french.
Please do not use en_US.UTF-8, since this will change the paper size from A4 to US-letter.

The following site explains how to change the keyboard layout.

Central Administration

All desktop computers are administered centrally:
All software on all desktop computers is identical (i. e. if a new program are to be installed, it will be installed on all desktop computers!) Furthermore, the hardware within one of a few hardware generations is identical. This means that we can't “easily” install or replace pieces of hardware.

The advantage for you is that, in case of a problem, we can just exchange your computer without you noticing any difference (same software and hardware). You also can log into any desktop computer and find the exact same setup.


Mathematica and Maple

The computer algebra packages mathematica and maple are installed on the computer called kraftwerk. The graphical version can be called via:

ssh -X kraftwerk mathematica
ssh -X kraftwerk xmaple

Thanks to a campus wide license, mathematica can also be found on all desktop computers.


The following sections apply to printing from our destop computers, as well as laptops you brought yourself. In the case of printing form your laptop, please consult the section on laptops as well.

Printer Locations

A complete list of printers and locations can be found here. (In a terminal window, all information concerning printers can be found with the command lpstat -l -p.)
To reduce the number of erroneous printing jobs, an authorization is necessary for office printers. If you need permanent access to a printer, just let us know.

Printing Commands in a Terminal

Files can be printed with the command lpr -P printername filename.
lpq -P printername shows all currently active print jobs.
lprm -P printername jobnummer deletes a print job.

Printing many copies of a document (i.e. for exams)

If you want to print many copies of the same document, i.e. for an exam, please use either Okular or the lpr command.
Otherwise printing will likely fail, since the other applications will join all copies into one large document.
In case you're printing on the printer davinci via lpr, you can tell it to staple your Documents via the additional flag -o KCStaple=UpperLeft and set the number of copies using -# N. Thus the command will look as follows: lpr -P davinci -o KCStaple=UpperLeft -# N path to your file

Consumption Items (Toner and Paper)

Please contact our janitor Holger Hammes about consumption items.
Note that Toner low is just a warning; the cartridge is to be replaced only when reading Toner empty.



Outgoing mail server:, port 25 (encryption via TLS). Incoming mail server:, port 993 (encryption via SSL).
Should you be inside a network that (for very good reasons) blocks the outgoing port 25, you can try to switch to port 587 (the so-called submission port). We also block outgoing connections to port 25 (external mail servers). Other providers generally allow switching to port 587.
Should you want to use an external IMAP mail server from within our network, please use port 993 (SSL) since we don't allow non-encrypted traffic to the outside world.

Mailing Lists

You may find the existing mailing lists here.
Please keep in mind that emails with large attachments that are sent to a great number of accounts can produce heavy traffic. We kindly ask you to consider putting your attachment (when possible) into your www folder and only sending a link.


For spam filtering we use the spam filter service of the data processing center. This means that all mail sent to your address, without exception, passes through their spam filter. The filter marks spam mails as SPAM, SUSPECTEDSPAM or MARKETING. Our mailserver moves these mails into the folders Spam, Suspectedspam or Spam.Suspected and Spam.Marketing or Marketing. If none of these folders exist, they will be moved into the Spam folder.
Please check your spam folder(s) regularly for false positives and delete spam messages to free up space since they count against your quota and won't be deleted automatically. We strongly recommend disabling the internal spam filter in browsers. For example, in Mozilla Thunderbird (icedove): ExtrasJunk-Filter-EinstellungenLernfähiger FilterJunk-Filter aktivieren [uncheck] → OK, or, if you use the English locale: PreferencesPreferencesSecurityJunkEnable adaptive junk filter logging [uncheck] → Close


The webmail interface can be found under However, the faster and more comfortable way to read your mail is to use a specialized mail client (Thunderbird, Apple Mail, Outlook …). You can save passwords and you can also read mail if you don't have a network connection.


A forwarding procedure can be configured with the program CompoSiever. Please enter the command composiever in a terminal window. You will see a simple, dialog oriented user interface, that should be self explanatory. You can also indicate if a copy of forwarded mail should be put in your mailbox at the institute.

Vacation Message

You can also configure a vacation message via CompoSiever should you be away for a longer amount of time. You can specify a time frame for this well ind advance. Please keep in mind that the end date specifies when the vacation mail must not be sent anymore (e. g. first working day). Should you have a mail alias (e. g. your name was too long and you wanted to be reachable under your full name), please contact us


In line with common practice we limit the size of emails you can send or receive. If you need to send large files, you may either copy them into your www directory and send a download link or upload them to Sciebo and send a link. On our desktop PCs ther is a plugin for Thunderbird to make sending files via Sciebo more comfortable. If you wish to use it, please read more on how to configure Thunderbird for Sciebo.


Long-term guests

Dektop computers

In order for long-term guests to use our workplace computers, your host will provide you with a guest login of the form gastXXXN, together with a password. You may use that account to login to any MI workplace computer. Unlike “real” accounts, there is no actual e-mail address associated with guest accounts; furthermore you won't be able to publish personal websites from within the MI infrastructure. Please note that guest accounts are exclusively managed by the secretaries — in case you did not receive any login, there's nothing the technical support could do about it. If you for any reasons don't need your workplace computer (e. g. if you'll be using your own device exclusively), please still don't unplug it from mains or network, for it would obstruct our nightly maintenance routine.


The most convenient way to access the MI network will likely be WLAN. In case you prefer a wired connection, please contact the technical support for this. Do not try to connect your device to the network jacks meant for regular workplace computers — it won't work, however it will hinder the automatic computer maintenance and hence cause us extra trouble. You should have received your WLAN access certificate from your host. There are installation instructions available, please contact support in case you still run into problems. If your WLAN access certificate was issued to the name of your guest account, you'll also be able to use the institute's public printers with your laptop.

Short-term guests

Dektop computers

You can login as the user named gast from any workplace computer at the institute, without providing a password. However, once you log out, all your data and settings from that session will be lost.


Access to our wireless networks can be acquired either by using an access certificate (as provided by your host) with the SSID MI, or alternatively by using a web browser to authenticate yourself with the SSID MIgast (credentials are being provided by your host).

Conference participants

Conference participants do not get to access workplace computers or printers. There is, however, the possibility to use the research computers in the library area; you can also print from there on the printers located in the same room. WLAN access can be acquired through a certificate, and/or via browser authentication. Your conference host should have supplied you with further information on this matter. The technical support may, in consultation with the conference organization, provide assistance as well (e.g. during conference breaks).

Information for hosts and conference organizers

If hosting guests or organizing a conference, plase read our notes for Hosts and Conference Organizers.


Wireless LAN

In both Endenicher Allee 60 buildings (main and new building) and Endenicher Allee 62 (Villa Maria) and Endenicher Allee 64 you can use WLAN. The following SSIDs are available:

  • MI: encrypted connection, available for employees and guests, certificate based, can grant printer access
  • MIgast: unencrypted connection for guests, browser-based authentication (“captive portal”
  • MIbonnet: VPN based connection provided by HRZ.
  • eduroam: connection for eduroam members.

In the lecture halls in Wegelerstraße 10, only data processing center's solution is available

The University of Bonn participates via the DFN in the project eduroam. Should you have a university-wide account of the data processing center, you can login the WLAN of other participating institutions. You can get an unproblematic access after you once have configured (e. g. in Bonn) your eduroam:

Wired LAN

If you want to use a wired instead of a wireless connection for your laptop at the institute, please let systems administration know on which jack you want to connect (jacks are labeled with room numbers and a letter above the jack). If you want to use our printers and mail server, then please tell us also your MAC address. In the best of cases, the laptop now automatically acquires its IP address. Please make sure that your operating system is configured to receive IP addresses via DHCP (usually the default setting). Also make sure that your browser is configured to use automatic proxy configuration.


With Linux and MacOS laptops you can use the institute's printers as follows: For Linux you possibly have to set cups or dnssd (or both) as BrowseRemoteProtocols in the configuration. For more recent versions of MacOS, you should find them under Shared Printers.
iOS and iPadOS devices can simply use AirPrint to print on any public printer from within the MI WiFi.
With Windows you should be able to reach the printers via
Please note that you can only print with your laptop if you are connected to our network via cable with a registered MAC or using a WLAN access certificate.


If you want to surf the Internet, you may configure proxies for a performance gain. That usually means use automatic proxy configuration. If that fails, you can configure manually using http://wpad/wpad.dat


Scanner are available in the old building, new building, the annex and the library. Unless you are using the scanners in the library, log in with user "scanner" without any password. After that or if you are using the scanner in the library follow the instructions. The document is scanned and sent to the specified email adress. The scanns are encrypted and deleted after 28 days.

Access from Outside

Login Server

From the outside of the Institute you can reach our network via From there you are able to connect to any computer within the institute (e. g. to start a text based program). Please don't start any unnecessary processes on login since this might slow down server operation for other users. You can, however, perform minor tasks there, like checking your email using the programs alpine or mutt, which have been deployed there for this purpose. To avoid problems with the authentication process (man-in-the-middle-attack warning if strict host checking is activated), please add the following Keys to your known_hosts file. For doing that, you can save the file on your desktop. In a terminal, please type cat ~/Desktop/ssh-host-keys.txt >> ~/.ssh/known_hosts. The warnings should disappear. The file ssh-host-keys.txt can now be deleted.

Should there be any non up to date keys listed in your known_host file you should remove these first. This is done using the command ssh-keygen -R hostname. In case of any problems please contact system administration.

VPN, proxy of the Institute (Access to MathSciNet, JStor etc.)

To access the online archives of different paper collections, you need to have an IP address belonging to the University of Bonn (for example one of the Mathematical Institute), i. e. via VPN.
If you're not physically inside the University, the easiest way is to use a VPN. The HRZ offers a guide how to use and setup the VPN. If you use macOS, you may also use the open source OpenConnect client (to be set up as described by HRZ for Ubuntu), in case you prefer it to Cisco's AnyConnect client.
If you cannot use the VPN, you may connect to our proxy server through an ssh tunnel from your outside location. Under Unix-like operating systems (Linux, macOS …) issue the command ssh -L For Windows, the programme PuttY is required.
Please configure your browser then to use the http-proxy localhost:3128.
Alternatively, you can tell your browser directly to use our proxy. The hostname is and the port is 3128.


For a graphical remote access to a desktop machine you can use X2Go.

Information about the System Administration

Should you have problems or questions about our network, you can ask us for help.

In your own interest, we prefer that you contact us via email instead of calling us over the phone. This is because all people working here (full time, part time and students) have access to the same email account. Here we process all incoming question in the form of a ticket system. Since some employees are only in the office on certain weekdays, it may happen that you have to wait a couple of days until that person is back to work. Furthermore, we too are human and it could happen that something, told to us in passing, is forgotten.

Office: Endenicher Allee 60, room N1.018
Telephone: +49.228.73-7773

Edgar Fuß
Julian Dammann
Timo Buhrmester
Marlon Bause
Victor Beumker
Yvonne Kamitz
Henrik Schl├╝ter


Keine aktuellen Meldungen