I developed a JavaFx Desktop program the employees of the company. Now, they want to use the program in their houses with their own personal computers. The program has MySQL and FTP services.
I need to use SSH Tunnel or VPN so that the program can connect from outside to the remote server in the office(port forwarding for FTP and MySQL).
If I want to use SSH Tunnel I have to install(or copy/paste) the certificates in the own employees' computers and I think that this option is dangerous because of the certificates can be engaged to attacks of their computers.
Sometimes I have thought to create one certificate for each employee (100 people) to control better who is connected in each time, but it's too much laborious to maintain.
I would like to use SSH Tunnel but I don't know if the best option in this situation.
What other options can I use to connect my program to remote server securely?
Best Answer
There aren't a lot of protocol choices - whatever you choose needs to be:
You could use SSH, but setting up a VPN is what most business do (in my experience). You can then only allow VPN connections through the firewall and nothing else needs to change.
Your best bet is to look into a small business VPN device. A quick search here brings up lots of (off-topic) posts asking for recommendations.
Long story short, whatever you use you're going to have to create and issue a cert or key to every employee. The only sensible way to do this is using script or management tool.