Not directly but through frequent analysis of many other network-based forensic activities of such initial and lateral movements.
But, it remains a viable vector to watch for, even if with A “non-existent” custom-patched OpenSSH (ie. hopefully Cloudflare again?) to log network-based frequency analysis of encrypted SSH packets being sent over multi-session SSH over a single TCP connection (of which that too remains merely a bandaid-afterthought defensive form of cybersecurity).
`MaxSessions 1` is a serious but good impediment of such an initial and lateral vector, one that should be implemented at all Jump and Bastion SSH servers … by default.
Of course, that and short-lived SSH PKI management too.
> `MaxSessions 1` is a serious but good impediment of such an initial and lateral vector, one that should be implemented at all Jump and Bastion SSH servers … by default.
Really? Is that not exactly what "jump" means? To be able to hop to the next ssh server through this one, by means of ProxyJump ?
But, it remains a viable vector to watch for, even if with A “non-existent” custom-patched OpenSSH (ie. hopefully Cloudflare again?) to log network-based frequency analysis of encrypted SSH packets being sent over multi-session SSH over a single TCP connection (of which that too remains merely a bandaid-afterthought defensive form of cybersecurity).
`MaxSessions 1` is a serious but good impediment of such an initial and lateral vector, one that should be implemented at all Jump and Bastion SSH servers … by default.
Of course, that and short-lived SSH PKI management too.
https://blog.cloudflare.com/ssh-command-logging/