
SECURE COMMUNICATION | HEIDENHAIN

For machines with newer Heidenhain controllers (from TNC 320 up to TNC 7), Heidenhain supports and may require secure shell (SSH) communication between remote PCs and the device. With SSH enabled, data travels encrypted between your PC and the machine, and the ‘None-secure connection detected’ messages no longer appear at the control. This document describes how to set up password-based and public / private key-based SSH communication for CNCnetPDM and TNC Remo.

CONTROLLER SETUP

Access the HEROS menu by pressing the left DIADUR key (1).

FIG 1:    DIADUR key location (Heidenhain TNC 640)

ENABLE SSH PASSWORD AUTHENTICATION

To allow authentication by username and password, navigate to Settings -> Current User and click [CERTIFICATE AND KEYS]. Next, click [ALLOW SSH PASSWORD LOGIN] (2), followed by [STORE AND RESTART SERVER NOW] (3) and [END] (4).

FIG 2:    Enable SSH password login (Heidenhain TNC 640)

If your controller is set to ‘legacy config’, which should be the default in most cases, username and password are both set to ‘user’.

ENABLE SSH KEY AUTHENTICATION

To enable secure communication by private / public key authentication with CNCnetPDM, you have to import the public key file user@cncnetpdm.pub at the controller. The file is located either in subfolder \cert of CNCnetPDM (device driver heidenhain.dll) or in \.ssh of one of the GUI programs.

Connect to the controller with TNC Remo, navigate (upper window) to the directory where user@cncnetpdm.pub is located and transmit it to a folder at the controller. If the controller only allows secure communication, perform the steps for TNC Remo SSH setup first.

At the controller, access the HEROS menu again, select Settings -> Current User and click [CERTIFICATE AND KEYS]. Next, click [IMPORT SSH KEY] (5), select the TNC: drive, navigate to the folder with user@cncnetpdm.pub, select it (6) and click [Open] (7). The imported public key then shows up in the parent dialog (8).

FIG 3:    Certificate and keys dialog (Heidenhain TNC 640)

FIG 4:    Import public key file (Heidenhain TNC 640)
  • Your controller now supports secure SSH key authentication from CNCnetPDM.

TNC REMO SSH SETUP

Newer Heidenhain controllers and even programming stations can only be accessed by secure SSH communication with TNC Remo. To enable SSH access, first make sure that password authentication is enabled at the controller.

In TNC Remo, select Connection -> New configuration. In the field Save as, enter a name for the connection, e.g. Test_SSH (9). In section Connection, select Network connection to control (TCP/IP Secure) (10).

FIG 5:    TNC Remo SSH setup (TCP/IP secure)

In section Settings, enter the IP Address/Host of your control (11) and the User name (default: user) (12), followed by [Apply] (13).

FIG 6:    TNC Remo SSH setup (user name)

On connect, TNC Remo now automatically opens a command line window where you have to type in the password (default: user) twice.

You should now be able to access your controller by secure communication with TNC Remo.

TECHNICAL NOTES (TNC REMO)

  • TNC Remo itself is not able to perform secure communication. Instead, it uses a set of hidden helper programs.
  • On SSH setup, these programs create a private / public key pair in subfolder \.ssh of your user profile and transmit the public key to the controller. These keys must not be used for programs other than TNC Remo.
  • If you establish a secure connection with TNC Remo, it does not communicate directly with your controller. Instead, it starts a hidden program that creates a new random(!) IP address.
  • Using the random address, the helper program connects to your controller on TCP port 22. TNC Remo then only communicates with the helper program.
  • If you use a firewall, you have to add an exception that allows connections from any program and any IP address of your PC to TCP port 22 of your controller; otherwise you cannot use TNC Remo secure communication!
  • For CNCnetPDM, you only have to allow communication from the program itself to TCP port 22 of the controller.
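
The two firewall exceptions from the notes above, written as Windows Defender Firewall outbound rules. This is an added example, not part of the original page or of vendor documentation. The controller address, the CNCnetPDM executable path and the rule names are placeholders, and outbound allow rules are only needed where outbound traffic is blocked by default.

```powershell
# Added example. Run in an elevated PowerShell session.
# Placeholders (assumptions, not from the original page):
$ControllerIp = '192.0.2.10'                      # controller address (documentation range)
$CncNetPdmExe = 'C:\<install-dir>\CNCnetPDM.exe'  # replace with the real path to CNCnetPDM

# TNC Remo: its hidden helper connects from a random local address, so neither
# the program nor the local address can be pinned. -Program and -LocalAddress
# are left at their default (Any); the rule is scoped only by the remote side:
# this controller, TCP port 22.
New-NetFirewallRule -DisplayName 'TNC Remo SSH to controller' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -RemoteAddress $ControllerIp -RemotePort 22

# CNCnetPDM: the program connects by itself, so the exception can also be
# bound to the executable.
New-NetFirewallRule -DisplayName 'CNCnetPDM SSH to controller' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -RemoteAddress $ControllerIp -RemotePort 22 `
    -Program $CncNetPdmExe

# Review what was created: program, remote address and remote port per rule.
Get-NetFirewallRule -DisplayName '*SSH to controller' | ForEach-Object {
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Program       = $app.Program
        RemoteAddress = $addr.RemoteAddress
        RemotePort    = $port.RemotePort
    }
}

# Confirm that TCP port 22 of the controller is reachable from this PC.
Test-NetConnection -ComputerName $ControllerIp -Port 22
```

With several controllers, pass all their addresses to -RemoteAddress as a list so the TNC Remo rule stays limited to those machines.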

 


https://www.inventcom.net/support/heidenhain/secure-communication

Modified: 2025-09-01