VPN SSH – Why Use SSH and VPN in Combination?

My employer requires me to first log on to a VPN, and only then can I SSH into the servers. But, given the security of SSH, is a VPN overkill?

What is the use of a VPN in terms of security if I am already using SSH?

Best Answer

The reasoning behind your current setup is probably some combination of the following three reasons.

The VPN is a security solution for outside your company's network (see #1 below). SSH, however, might be a second layer of security outside of your company's network... but its main purpose is to secure the traffic within your company's network (see #2 below). VPN is also necessary if the device you are trying to SSH into is using a private address on your company's network (see #3 below).

  1. VPN creates the tunnel to your company network that you push data through. Thus no one seeing the traffic between you and your company's network can actually see what you're sending. All they see is the tunnel. This prevents people that are outside the company network from intercepting your traffic in a way that is useful.

  2. SSH is an encrypted way of connecting to devices on your network (as opposed to Telnet, which is clear text). Companies often require SSH connections even on a company network for security's sake. If I have installed malware on a network device and you telnet into that device (even if you're coming through a VPN tunnel - as the VPN tunnel usually terminates at the perimeter of a company's network), I can see your username and password. If it's SSH you're using, then I cannot.

  3. If your company is using private addressing for the internal network, then the device you are connecting to may not be routable over the internet. Connecting via a VPN tunnel would be like you are directly connected in the office, therefore you would use the internal routing of the company network that would not be reachable outside of the company network.
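
Point 3 can be checked mechanically. The following is an added example, not part of the original answer: it classifies SSH targets by whether their address sits in a block that is not routed on the public internet, so the host is reachable only from inside the network or through the tunnel. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks that are not routed on the public internet.
NON_ROUTABLE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 shared (carrier-grade NAT)",
    "fc00::/7": "RFC 4193 unique local IPv6",
}
_NETS = [(ipaddress.ip_network(cidr), why) for cidr, why in NON_ROUTABLE.items()]


def classify(target):
    """Return (needs_tunnel, reason) for an SSH target given as an IP literal.

    needs_tunnel is True for internal-only addresses, False otherwise,
    and None when the target is a host name that must be resolved first.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return (None, "not an IP literal; resolve the name first")
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net, why in _NETS:
        if addr.version == net.version and addr in net:
            return (True, f"{why} ({net})")
    return (False, "not in any internal-only block listed above")


def plan(targets):
    """Classify every target; returns {target: (needs_tunnel, reason)}."""
    return {t: classify(t) for t in targets}


if __name__ == "__main__":
    # Constructed sample targets, not taken from the page.
    sample = ["10.20.30.40", "172.31.255.254", "172.32.0.1",
              "::ffff:192.168.1.5", "fd12:3456:789a::1", "bastion.example"]
    for host, (needs, why) in plan(sample).items():
        label = {True: "VPN/internal only", False: "internet-routable",
                 None: "unknown"}[needs]
        print(f"{host:22} {label:18} {why}")
```
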
