Hmm! I never considered checking to see what loginctl was doing

And yep I think you’re right, the most portable way of doing this is to maybe write my own service with hooks for OnBoot OnShutdown OnSleep OnWake (if that’s a systemctl hook…)

I see thanks

You can always connect to yourself from the Windows machine and tunnel SSH over that, but it’s likely you’ll hit a firewall or possibly even a TLS MitM box.

I don’t want to undermine their security. I could do a reverse proxy of course, I was just wondering if AWS itself had a solution here

Yeah the browser seems to be what I’m resigned to. In terms of security, there isn’t really much stopping me from spawning an reverse SSH proxy to a public server from within the desktop, and then connecting to that…

If I wanted to wreac havok, my user would still need to be in the right access groups to do anything. I feel that cutting out the middleman and letting me connect directly to the bastion would be easier for everyone…

I have, but the IT dept either willfully misinterprets my request, or does not actually know. No judgement from my side, as I am also uncertain.

My plan is to find a solution that complies with their security standards (i.e. through AWS’s authentication spec), but allows me a VPN/SSH style passthrough.

Holy shit I got this one:

• https://www.youtube.com/watch?v=uhfvCiu8bEc

I’m trying to work out if it’s real or not. It’s from 2013, so I guess VFX wasn’t so great back then, but then… where? and when? and why?

Edit: I’ve been duped by mediocre graphics, don’t worry I’m writing my will as we speak.