Where to Put SSH Server?

- V
- VistaCruiser1977
  
  Contact options for registered users
posted
18 years ago

Fri, Dec 16, 2005 1:13 AM

I'm setting up a network with a private network and a DMZ. I want to be able to access machines in the private network via SSH from the Internet. Should I put the SSH server on a machine on the private network or on a machine in the DMZ?

I'm thinking the DMZ because then I'll need to SSH from there to the private network and so will any attacker and breaking two SSH links is more difficult than breaking only one if I SSH directly into the private network from the Internet.

Is my reasoning sound, or should I put the Internet-visible SSH server on the private network?

Loading thread data ...

- V
- Volker Birk
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Dec 16, 2005 9:17 AM

You could SSH the firewall implementation between DMZ and private zone, and from there into the private zone. Usually, you should control, from where those ssh requests come, too.

Yes. Especially, if you're only using PSK, i.e. DSA, and your both SSH implementations are different programs, so an exploit in one of them does not lead to making your private network unsecure.

Yours, VB.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.