Downsides to using ProxyJump when not necessary

ssh proxy

Solution 1:

ProxyJump in essence does the following:

  1. It connects to the proxy, creating a TCP port forward of random local port to the target port (22 or whichever is configured for target host). This connection lives in the background.
  2. It then connects to this forwarded port, thereby using just created SSH TCP tunnel. The tunnel is set up to connect to target host SSH port, so the connection proceeds to that target port.

The SSH connection is therefore direct. You can pass TCP tunnels through it, forward or reverse, or use any other SSH features. You can even use a proxied server as a proxy to the third system, and then there will be two background connections forwarding random ports.

The downsides as I see them are:

  • The dependence on the proxy. If you need to do some work on the proxy itself, reboot it, or something like this, all connections that are running through will be terminated.
  • The target host sees connection as if it is done from the proxy. The real address of the connecting system is completely hidden. The burden of supporting the security of this lies on the proxy. More, if the target host has some auto-banning service running like fail2ban, and if the proxy connection was successful, but target is not, that service could eventually block any connections from proxy. Not very convenient!

Both of these downsides are the necessary trade-ofs of using proxy, but sometimes, when the host is accessible directly, could be unexpected (i.e. when you think you're connecting directly).

Related

Network solution does not accept an AWS machine as nameserver
What is the correct option for Samba's "strict allocate" when serving a zfs volume?
Nginx location exclude specific folder
I have deleted all the Azure AKS Kubernetes Nodes, how to restore back the Cluster to it's original state?
Netdata, prometheus and grafana - why recommended in this constellation?
Why are knot invariants best organized as polynomials?
Do infinitely many points in a plane with integer distances lie on a line?
For which $n$ is $ \int \limits_0^{2\pi} \prod \limits_{k=1}^n \cos(k x)\,dx $ non-zero?
eigenvalues of certain block matrices
how does expectation maximization work in coin flipping problem
Closed-form for rational log integral: $\int_0^1\left(\frac{\ln x}{1-x}\right)^{n}dx$
The Krull dimension of a module