Lin’s fingers flew across the keyboard, each keystroke a tiny act of defiance. On her screen, a single line of text glowed in the terminal:
Lin let out a breath she didn’t know she’d been holding. The bastion was still standing. The DR VM was alive. And because sshrd had used only native SSH—no extra agents, no APIs—it had left zero logs the attackers would think to check.
And now, maybe, their only hope.
She opened a new terminal. Typed:
./sshrd.sh --target bastion.corp.local --jump dr-vm.internal --payload restore_toolkit.tar.gz sshrd script
The attackers had left one thread uncut: the bastion’s outbound SSH keys to a tiny, off-site disaster recovery VM in a different cloud region. The VM had no public IP, no DNS—just a hidden internal address reachable only via the bastion. If Lin could jump through the bastion and push a clean restore script onto that VM before the malware spread there too…
Thirty seconds felt like thirty years.
And in the bottom corner of her screen, the prompt blinked patiently, waiting for the next command.
The corporate network had fallen hours ago. Ransomware, the kind that didn’t just lock files but laughed at you while doing it, had crawled through every primary server. The C-suite was screaming into a dead satellite phone. The backups? Also encrypted. The only machine still clean was this ancient CentOS bastion host—a forgotten sentry at the network’s edge, running nothing but SSH and Lin’s custom script. Lin’s fingers flew across the keyboard, each keystroke
[sshrd] Generating jump chain... [sshrd] Sending payload (via bastion -> dr-vm)... [sshrd] Executing remote command... [sshrd] Waiting for completion (30s timeout)...
She hit Enter.