by threentaway 2194 days ago
> It contains all private keys to all systems

Hopefully it doesn't? That would be poor design. It typically is just on a network segment that the firewall rules allow it to access the other servers.

2 comments

Well, not literally. But it is meant to be the system that is used to gain root access to your domain controller to perform administrative tasks there. Install updates, fix issues, that type of thing.

So, although it does not literally house all passwords/keys/whatever to your network, it has access to a system that indirectly does.

Normal jump hosts should not have your private keys I guess, but I thought it was the closest analogy.

Just put it this way: if an attacker gets on that system, it's complete game over.

If it contains all private keys that would indeed be a bad design. Maybe what awd meant is that it contains a private key that all systems trust. That would make more sense.