diff --git a/documentation/ssh_tunnel.markdown b/documentation/ssh_tunnel.markdown new file mode 100644 index 0000000000000000000000000000000000000000..69c7bacd736a27a697bdeef3bcaff77b4777e0af --- /dev/null +++ b/documentation/ssh_tunnel.markdown 
@@ -0,0 +1,109 @@ +SSH tunnel +========== + +Often a given service is restricted to only the local machine, as it may be a security issue to open it for public connections from the whole internet. Common examples are the Remote Desktop Protocol (RDP) and a local web server for Jupyter. In order to access such services from outside, one has to make use of SSH tunnels. Not only does SSH allow to tunnel connections securely over the public network, it will also encrypt all network traffic in transit. We will cover local port forwarding here, where SSH is used to "forward" a port, that is only available on a given host, to any other remote host. For a more detailed explanation, refer to [A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding](https://iximiuz.com/en/posts/ssh-tunnels/) + +Local Port Forwarding +--------------------- + +Let's assume we start a local Python web server on a D-PHYS Linux workstation like that: + +```bash +user@workstation:~$ python3 -m http.server 9000 --bind 127.0.0.1 +Serving HTTP on 127.0.0.1 port 9000 (http://127.0.0.1:9000/) ... +``` + +The server now listens on the loopback interface (`127.0.0.1`) and will only be reachable on the local computer: + +```bash +user@workstation:~$ ss -tulpn | grep 9000 +tcp LISTEN 0 5 127.0.0.1:9000 0.0.0.0:* users:(("python3",pid=49323,fd=3)) +``` + +In order to connect to the server from another computer over the network, we can use an ssh tunnel. +On the other computer establish an ssh tunnel using the following command: + +```bash ++user@laptop:~$ ssh -L 9001:localhost:9000 user@workstation +user@workstation:~$ +``` + +This opens a local port `9001` on the laptop and forwards it to port `9000` on the remote workstation. +You may also use the same port number on both sides. This is just for clarity of the example. + +You can now access the remote Python server directly in the browser on your laptop via `http://127.0.0.1:9001/`. 
+ + +Linux xrdp via SSH tunnel +------------------------- + +Some Linux workstations provide an [xrdp](https://www.xrdp.org/) service for graphical remote login. +This is an on-demand service and needs to be requested by the hardware owner by [[contacting us|services/contact]]. + +For security reasons the service listens on the loopback interface only and is not exposed directly to the network. +Use an ssh tunnel to connect to it from anywhere: + +```bash ++user@laptop:~$ ssh -L 13389:localhost:3389 user@workstation +``` + +The RDP port 3389 of the remote workstation will be forwarded to the custom port 13389 on your local computer. Connect your RDP client to the local forwarded port using the following commands. + +### Windows + +```sh +mstsc /v:localhost:13389 +``` + +### Linux + +```sh +xfreerdp /bpp:24 /v:localhost:13389 /u:<username> /clipboard +fonts +``` + +Where `<username>` must be replaced with your D-PHYS username. + +### macOS + +```sh +open "rdp://full%20address=s%3Alocalhost:13389" +``` + +Or open for instance the Microsoft Windows app and connect to `localhost:13389`. + + +Windows RDP via SSH tunnel +-------------------------- + +We offer a [[services/Windows Terminal Server]] for remote access with RDP. If you connect from outside the ETH network, you need to open an appropriate SSH tunnel beforehand, depending on the operating system of your computer. + +### Windows + +Open `cmd` by typing in the start menu and paste the following command to open an SSH tunnel. + +```bash +ssh -l yourloginname -C -L 3390:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 +``` + +Replace `yourloginname` with your D-PHYS username. Let the command prompt window open. Then open the `Remote Desktop Connection` application and connect to `127.0.0.1:3390`. Make sure to use `ad\your_dphys_username` as username. + +You can also use Putty instead the ssh client, see [[here|services/how_to_connect_windows_ts_from_outside]]. 
+ +### Linux + +```bash +ssh -l yourloginname -C -f -L 3389:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 +rdesktop -d AD -x l -z -k en-us -x 0x80 -g 1280x1024 localhost +``` + +Where `yourloginname` must be replaced with your D-PHYS username. + +### macOS + +Open `/Applications/Utilities/Terminal.app` and paste the following command to open an SSH tunnel. + +```bash +ssh -l yourloginname -C -f -L 3389:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 +``` + +Replace `yourloginname` with your D-PHYS username. Then open the Microsoft Windows application and connect to `127.0.0.1`. Make sure to use `ad\your_dphys_username` as user name. Further screenshots are found in our [[Remote Desktop on macOS|osx/configuring_microsoft_remote_desktop_on_mac]] documentation. diff --git a/linux/workstation/debian.markdown b/linux/workstation/debian.markdown index eb315dc23d33377ad767541124003e56738b9cce..c574b433ae6b7c1584d8c25631a700b5248ef45c 100644 --- a/linux/workstation/debian.markdown +++ b/linux/workstation/debian.markdown @@ -114,7 +114,7 @@ The migration includes the following notable (breaking) changes to be aware of: special elevated privileges. Refer to [[user_privileges]] for details. - **Xrdp**: For security reasons `xrdp` will only be installed on-demand if requested by the hardware owner and the network service will only listen on the loopback interface, therefore requiring an SSH tunnel. - Refer to [[ssh_tunnel#rdp-via-ssh-tunnel]] for details. + Refer to [[documentation/ssh_tunnel]] for details. <style> b, strong { diff --git a/linux/workstation/ssh_tunnel.markdown b/linux/workstation/ssh_tunnel.markdown deleted file mode 100644 index bd39d26a27e7aca8a1451a84363614464c0c2f55..0000000000000000000000000000000000000000 --- a/linux/workstation/ssh_tunnel.markdown +++ /dev/null 
@@ -1,71 +0,0 @@ -SSH tunnel -========== - -SSH tunnels can be used to tunnel connections securely over a public network. -We will cover local port forwarding here. For a more detailed explanation, -refer to [A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding](https://iximiuz.com/en/posts/ssh-tunnels/) - -Local Port Forwarding ---------------------- - -Let's assume we start a local Python developement server on a D-PHYS Linux workstation like that: - -```bash -user@workstation:~$ python3 -m http.server 9000 --bind 127.0.0.1 -Serving HTTP on 127.0.0.1 port 9000 (http://127.0.0.1:9000/) ... -``` - -The server now listens on the loopback interface (`127.0.0.1`) and will only be reachable on the local computer: - -```bash -user@workstation:~$ ss -tulpn | grep 9000 -tcp LISTEN 0 5 127.0.0.1:9000 0.0.0.0:* users:(("python3",pid=49323,fd=3)) -``` - -In order to connect to the server from another computer over the network, we can use an ssh tunnel. -On the other computer establish an ssh tunnel using the following command: - -```bash -+user@laptop:~$ ssh -L 9001:localhost:9000 user@workstation -user@workstation:~$ -``` - -This opens a local port `9001` on our laptop and forwards it to port `9000` on the remote workstation. -You may also use the same port number on both sides. This is just for clarity of the example. - -You can now access the Python server in your browser on your laptop via `http://127.0.0.1:9001/`. - -xrdp via SSH tunnel -------------------- - -Some Linux workstations provide an [xrdp](https://www.xrdp.org/) service for graphical remote login. -This is an on-demand service and needs to be requested by the hardware owner by [[contacting us|services/contact]]. - -For security reasons the service listens on the loopback interface only and is not exposed directly to the network. 
-Use an ssh tunnel to connect to it from anywhere: - -```bash -+user@laptop:~$ ssh -L 13389:localhost:3389 user@workstation -``` - -Connect your RDP client to the local forwarded port using the following commands: - -### Windows - -```sh -mstsc /v:localhost:13389 -``` - -### Linux - -```sh -xfreerdp /bpp:24 /v:localhost:13389 /u:<username> /clipboard +fonts -``` - -### Mac - -```sh -open "rdp://full%20address=s%3Alocalhost:13389" -``` - -Or open for instance the Microsoft Remote Desktop app and connect to `localhost:13389` diff --git a/services/how_to_connect_windows_ts_from_outside.markdown b/services/how_to_connect_windows_ts_from_outside.markdown index d73baf17c1cc95a55197c3673337c7a520f21096..695ac241d97fc63a26a1ab207e8353b58034ed14 100644 --- a/services/how_to_connect_windows_ts_from_outside.markdown +++ b/services/how_to_connect_windows_ts_from_outside.markdown @@ -12,7 +12,7 @@ You have three possibilities for accessing the Windows Remote Desktop Server (RD First alternative possibility: -* Using a **SSH tunnel** with builtin ssh client in Windows 10 see [[here|services/windows_terminal_server/#from-a-windows-computer]]. +* Using a **SSH tunnel** with builtin ssh client see [[here|documentation/ssh_tunnel#Windows-RDP-via-SSH-tunnel]]. Second alternative possibility: diff --git a/services/windows_terminal_server.markdown b/services/windows_terminal_server.markdown index faeab2446080cfbcd3198b6aa074c0f8124f184f..b5bc294dec8b9db1587847dfd794998cd05064ef 100644 --- a/services/windows_terminal_server.markdown +++ b/services/windows_terminal_server.markdown 
@@ -85,39 +85,8 @@ The Windows RDS Server is only reachable from inside the D-PHYS network but you ### Connect by VPN -The recommended and easiest method is to start [[VPN|services/how_to_use_vpn]] before connecting to our RDS Server. +The recommended and easiest method is to start [[VPN|services/how_to_use_vpn]] before connecting to our RDP Server. -### Alternative method using ssh client +### Alternative method using ssh tunnel -#### from a Linux Computer - -If you come from outside of the D-PHYS network, you need to open an appropriate SSH tunnel beforehand, e.g. run - -```bash -ssh -l yourloginname -C -f -L 3389:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 -rdesktop -d AD -x l -z -k en-us -x 0x80 -g 1280x1024 localhost -``` - -replacing `yourloginname` with your D-PHYS user name. - -#### from a Mac Computer - -Open `/Applications/Utilities/Terminal.app` and paste the following command to open an SSH tunnel - -```bash -ssh -l yourloginname -C -f -L 3389:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 -``` - -replacing `yourloginname` with your D-PHYS user name. Then open the `Remote Desktop Connection` application and connect to `127.0.0.1`. Make sure to use `ad\your_dphys_username` as user name. - -#### from a Windows Computer - -Open `cmd` by typing in the start menu and paste the following command to open an SSH tunnel. - -```bash -ssh -l yourloginname -C -L 3390:winlogin.phys.ethz.ch:3389 login.phys.ethz.ch sleep 60 -``` - -replacing `yourloginname` with your D-PHYS user name. Let the command prompt window open. Then open the `Remote Desktop Connection` application and connect to `127.0.0.1:3390`. Make sure to use `ad\your_dphys_username` as user name. - -You can also use Putty instead the openssh client, see [[here|services/how_to_connect_windows_ts_from_outside/]]. +The details are explained in our [[documentation/ssh tunnel]] documentation.
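Review bot: In the new documentation/ssh_tunnel.markdown hunk both tunnel examples carry a stray leading `+` inside the code fence (`++user@laptop:~$ ssh -L 9001:localhost:9000 user@workstation` and `++user@laptop:~$ ssh -L 13389:localhost:3389 user@workstation`), copied over from the deleted page; it renders as `+user@laptop:~$ ...` and anyone pasting the line gets a broken command, so drop the extra `+`. The intro sentence "Not only does SSH allow to tunnel connections securely over the public network, it will also encrypt all network traffic in transit" states one fact twice, and "forward a port, that is only available on a given host, to any other remote host" describes local forwarding backwards; suggest "Local port forwarding makes a port that is only reachable on the remote host available on a local port of your own machine, with SSH encrypting the traffic in transit." The page should also say that ssh binds the local end of the tunnel to 127.0.0.1 by default, so the forwarded xrdp/RDP port is reachable only from the laptop itself, and warn readers not to add `-g` or a `0.0.0.0:` bind address, which would expose that port to anyone on the laptop's network. In the Windows RDP section the `... login.phys.ethz.ch sleep 60` form deserves one sentence: ssh exits once `sleep` finishes unless a forwarded connection is already open, so the RDP client has to connect within 60 seconds. Wording: "Let the command prompt window open" should be "Leave the command prompt window open", and "Putty instead the ssh client" should be "PuTTY instead of the ssh client". Minor: the Linux subsection uses `rdesktop` while the xrdp section uses `xfreerdp`; using `xfreerdp` in both would be consistent.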
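Review bot: In the linux/workstation/debian.markdown hunk the replacement link `[[documentation/ssh_tunnel]]` drops the section anchor that `[[ssh_tunnel#rdp-via-ssh-tunnel]]` had, so readers of the Xrdp bullet land at the top of the page instead of the xrdp section. The new page has a "Linux xrdp via SSH tunnel" heading; assuming the wiki derives lowercase hyphenated ids as the old anchor did, `[[documentation/ssh_tunnel#linux-xrdp-via-ssh-tunnel]]` keeps the deep link.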
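Review bot: Deleting linux/workstation/ssh_tunnel.markdown without a redirect breaks any bookmark or external link to the old page; the patch only rewrites the three in-repo references (debian.markdown, how_to_connect_windows_ts_from_outside.markdown, windows_terminal_server.markdown). Consider leaving a stub at the old path that points to [[documentation/ssh_tunnel]], or a redirect if the wiki supports one.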
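Review bot: In the services/how_to_connect_windows_ts_from_outside.markdown hunk the new anchor `#Windows-RDP-via-SSH-tunnel` is mixed case, while every other anchor in this patch is lowercase (`#rdp-via-ssh-tunnel`, `#from-a-windows-computer`); if the wiki generates lowercase heading ids the link resolves to the page top only. Use `[[here|documentation/ssh_tunnel#windows-rdp-via-ssh-tunnel]]`. Also "with builtin ssh client" reads better as "with the built-in ssh client".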
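Review bot: In the services/windows_terminal_server.markdown hunk the new link `[[documentation/ssh tunnel]]` has a space where the other hunks use `documentation/ssh_tunnel`, so it most likely points at a page that does not exist; change it to `[[documentation/ssh_tunnel#windows-rdp-via-ssh-tunnel]]`. The change from "RDS Server" to "RDP Server" on the VPN line is inconsistent with the unchanged context line "The Windows RDS Server is only reachable from inside the D-PHYS network" and with the page title; either keep "RDS Server" here or rename it throughout the page.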