There are several ways to access and edit files on your webserver or upload new files. This article explains the options.
Two access methods are available: using SSH via an acces host (gateway) or using the FTP server of the LRZ.
For both, you log in with the function ID (Funktionskennung) of the web site and the corresponding password. We suggest you select a secure connection method like SFTP (less error-prone on Windows) or SCP, so your login credentials and files will be encrypted during transmission. Most upload tools support encryption these days.
If you are using a content management system like Joomla! or WordPress, an administration interface (backend) may offer additional options. Make sure you are using HTTPS when logging in.
Host names and supported protocols
Access host (restricted to MWN)
FTP Server (world-wide accessible)
SSH, SCP, SFTP
SCP, SFTP, FTPS, FTP
Client software (selection)
There are many programs for data transfer and interactive access. The following represents a selection:
Interactive access via SSH
Using SSH you can login at so-called access hosts (gateways) with the functional ID (Funktionskennung) of your site and manage your files there. The access hosts support most common Linux commands.
The names of the access hosts are:
webdev02-lmu.lrz.de(für sites of LMU)
webdev02-tum.lrz.de(for sites of TUM)
webdev02-mwn.lrz.de(for all other sites)
Access via SSH is only possible from IP addresses of the MWN (Münchener Wissenschaftsnetz). If you need access from outside of MWN, like from home, you need to set up a VPN connection first. The login user for the VPN connection may be different from the site's functional ID.
SSH fingerprints of the access host
Data transfer by SCP, SFTP, FTPS or FTP
Unlike the access hosts, the LRZ's FTP server is word-wide accessible. We recommend choosing a protocol that uses encryption to protect your data from unauthorized access and modification. Encrypted protocols are SCP, SFTP and FTPs. A suitable client program is FileZilla, which is available for Windows, Linux and Mac.
Data area of your webserver
Each web site has its own directory in the file system. When loggin in with SSH or SFTP you are automatically led to this directory. The exact path is given in the e-mail confirming the site's creation. It is build from
the NFS volume for the institution (
a directory consisting of the last letter of your site's ID, and
a directory named after your's ID.
A complete path could look like this
In the web directory is a directory named
webserver/htdocs. This is the document directory (DocumentRoot). Its content is served by the webserver if you access the domain name without any additional path. Files ending with
.php within this directory are being run as PHP programs by the webserver. Other files are send as-is by the webserver. An exception are files named .htaccess, which you can use to modify some webserver settings. Upon creation of the site, we place a start page
index.html in this directory.You can modify or remove it.
Files in the directory
/webserver/config/ are not accessible via HTTP. You can place password files or other data here.
Command line: determine PHP interpreter version
Several versions of the PHP interpreter are available on the access hosts. The standard command
php may not use the intended version. You can check this with
It is recommended to use the same version as your website at the command line or in cron jobs, and to state the full path explicitly. The paths of all available interpreters can be listed with
update-alternatives --list php.
/usr/bin/php points via symlink(s) to the most recent PHP version.
In case of problems accessing your files, you should first check the password status in the IdM-Portal. Should the password not be "expired", but "Start password", you have to set a proper password before the account is usable. The status "Startpasswort" will also be set if a Master User resets the password (in case the old one is lost).
Be aware that access hosts are have a naming scheme like webdev02... since March 2020.
Database password are not managed at the IdM portal, but at the database server.
Please note that you need to set up an VPN connection when logging in from outside the MWN.