Bastion hosts were supposed to make it simple. One static entry point, controlled access, logging. But they’ve grown heavy with maintenance, blind spots, and security assumptions that break under real pressure. An SSH access proxy can do better — faster onboarding, dynamic access controls, zero exposure to the public internet.
A bastion host is a server you maintain. An SSH access proxy is a service that mediates connections without holding open doors. The difference is critical. Bastion hosts require constant patching, credential sync, firewall rules, and manual clean-up. An SSH access proxy handles authentication and authorization on demand. It tracks and enforces identity at the session level. It can integrate with existing SSO, enforce MFA, and log every command without giving away a direct network path.
The problem with the bastion model is that it allows long-lived credentials to sit on user devices. If those keys leak, the target environment is one step away from compromise. Access proxies remove that surface. They give developers just-in-time SSH, signed for short lifetimes, issued only when needed and only for approved destinations. The edge of trust moves to where it belongs: off the network, into verifiable identity and policy.
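The issuance decision described above can be sketched as follows. This is an added example, not code from any particular proxy product: the policy table, the time limits, the `user_ca` and `user_key.pub` paths, and the choice to use the destination name as the certificate principal are all assumptions. It builds an OpenSSH `ssh-keygen` signing command only after the MFA and destination checks pass.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy: SSO group -> destinations (used as certificate principals).
POLICY = {"sre": {"prod-db", "prod-web"}, "developers": {"staging-web"}}
MAX_TTL = timedelta(minutes=10)     # assumed ceiling on certificate lifetime
MFA_MAX_AGE = timedelta(minutes=5)  # assumed freshness window for MFA

@dataclass
class Request:
    user: str
    groups: frozenset
    mfa_at: Optional[datetime]  # last MFA time reported by the identity provider
    destination: str
    ttl: timedelta

def decide(req: Request, now: datetime):
    """Return (allowed, reason, ssh-keygen argv or None) for one access request."""
    if req.mfa_at is None or now - req.mfa_at > MFA_MAX_AGE:
        return False, "mfa missing or stale", None
    approved = set().union(*(POLICY.get(g, set()) for g in req.groups))
    if req.destination not in approved:
        return False, "destination not approved", None
    ttl = min(req.ttl, MAX_TTL)  # clamp whatever lifetime the client asked for
    if ttl <= timedelta(0):
        return False, "invalid lifetime", None
    argv = [
        "ssh-keygen", "-s", "user_ca",            # placeholder CA private key path
        "-I", f"{req.user}:{req.destination}",    # key ID, recorded in sshd logs
        "-n", req.destination,                    # principal the target must accept
        "-V", f"-1m:+{int(ttl.total_seconds())}s",  # 1 minute of clock-skew slack
        "user_key.pub",                           # placeholder user public key
    ]
    return True, "ok", argv

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed requests: one approved, one outside the requester's policy.
    for r in (
        Request("alice", frozenset({"sre"}), now, "prod-db", timedelta(hours=1)),
        Request("bob", frozenset({"developers"}), now, "prod-db", timedelta(minutes=5)),
    ):
        print(r.user, decide(r, now))
```

Target hosts would trust the CA public key through `TrustedUserCAKeys` in `sshd_config` and accept only their own principal, so a certificate issued for one destination is useless against another.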