Score:0

Connect SSH Tunnel with the Java Desktop program (.jar) to remote server


I developed a JavaFX desktop program for the employees of the company. Now they want to use the program at home on their own personal computers. The program has MySQL and FTP services.

I need to use an SSH tunnel or a VPN so that the program can connect from outside to the remote server in the office (port forwarding for FTP and MySQL).

If I want to use an SSH tunnel, I have to install (or copy/paste) the certificates on the employees' own computers, and I think this option is dangerous because the certificates can be exposed to attacks on their computers.

I have sometimes thought of creating one certificate for each employee (100 people) to better control who is connected at any time, but that is too laborious to maintain.

I would like to use an SSH tunnel, but I don't know if it is the best option in this situation.

What other options can I use to connect my program to the remote server securely?

Score:0

There aren't a lot of protocol choices - whatever you choose needs to be:

  • Auditable - no sharing of credentials
  • Secured - to limit risk of traffic interception/MitM
  • Manageable - if you've 100+ employees.

You could use SSH, but setting up a VPN is what most businesses do (in my experience). You can then only allow VPN connections through the firewall and nothing else needs to change.

Your best bet is to look into a small business VPN device. A quick search here brings up lots of (off-topic) posts asking for recommendations.

Long story short, whatever you use you're going to have to create and issue a cert or key to every employee. The only sensible way to do this is using a script or management tool.

Arkhan6 avatar
us flag
Thank you so much for your answer. I have been thinking about doing it with split tunneling with OpenVPN because I only need to use 2 ports. I don't want all of the employees' traffic to be sent through the VPN. I hope it isn't a problem to have to install the VPN certificate on employees' personal computers (I will use a password to connect to the VPN as well) https://openvpn.net/for/split-tunneling-with-access-server/
cn flag
This sounds sensible. Ideally it would be good to use a more enterprise solution that uses the employees' LDAP/AD accounts for authentication - the first point I made is that it's auditable so no sharing of credentials!
Arkhan6 avatar
us flag
I don't have any knowledge of using LDAP/AD accounts. I'm going to search for information so that I can use them. Thanks!
Score:-1

As you mentioned, I would authorize the employees with the private key from the generated public/private RSA key pair for the SSH connection to the office server. You can store the public key in ~/.ssh/authorized_keys and secure the private key with a passphrase so that the employee can connect to the server. But you must open the SSH port in the firewall to the outside.

cn flag
This is terrible security practice! Remote access is a big can of worms and should be done securely or not at all, as the risks to the business are way too high!
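
One way to script the per-employee key issuance the answers mention, for the SSH `authorized_keys` variant (added example, not code from any poster): each employee gets their own entry, limited to forwarding the two service ports. It assumes employees submit a public key generated on their own machine and that MySQL and the FTP control port listen on 127.0.0.1:3306 and 127.0.0.1:21 on the office server; the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed endpoints on the office server:
# MySQL on 127.0.0.1:3306 and the FTP control port on 127.0.0.1:21.
OPTS='restrict,port-forwarding,permitopen="127.0.0.1:3306",permitopen="127.0.0.1:21"'

# auth_line ID PUBKEY: print one authorized_keys line, or fail on bad input.
# ID becomes the key comment, so every entry maps to exactly one person.
auth_line() {
  id=$1
  read -r type blob _rest <<EOF
$2
EOF
  case $id in ''|*[!a-z0-9._-]*) echo "bad employee id: $id" >&2; return 1 ;; esac
  case $type in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ;;
    *) echo "$id: unsupported key type" >&2; return 1 ;;
  esac
  case $blob in ''|*[!A-Za-z0-9+/=]*) echo "$id: malformed key" >&2; return 1 ;; esac
  printf '%s %s %s %s\n' "$OPTS" "$type" "$blob" "$id"
}

# build_authorized_keys: read "ID PUBKEY" records on stdin, write the file on
# stdout. Stops if two employees submit the same key (a shared credential).
build_authorized_keys() {
  seen=' '
  while read -r emp key; do
    case $emp in ''|'#'*) continue ;; esac
    line=$(auth_line "$emp" "$key") || return 1
    set -- $line                      # fields: options, type, blob, id
    case $seen in *" $3 "*) echo "$emp: key already issued" >&2; return 1 ;; esac
    seen="$seen$3 "
    printf '%s\n' "$line"
  done
}

# Constructed sample input: the key blobs below are placeholders, not real keys.
build_authorized_keys <<'EOF'
# id    public key as submitted by the employee
alice   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyAlice alice@home-pc
bob     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBob bob@home-pc
EOF
```

The `restrict` option turns off shell access, PTY allocation and every kind of forwarding; `port-forwarding` plus the two `permitopen` entries then re-enable only tunnels to the listed ports.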