I'm setting up a network with a private network and a DMZ. I want to be able to access machines in the private network via SSH from the Internet. Should I put the SSH server on a machine on the private network or on a machine in the DMZ?
I'm thinking the DMZ because then I'll need to SSH from there to the private network and so will any attacker and breaking two SSH links is more difficult than breaking only one if I SSH directly into the private network from the Internet.
Is my reasoning sound, or should I put the Internet-visible SSH server on the private network?