[ryao]

> It can be used to secure your SSH service, or securely share your database server.

SSH is one of the most secure network daemons ever devised. This is not to say that there is never any need to harden SSH, but given that people usually secure services behind SSH, I find the words “secure your SSH service” strange.

That said, I am no stranger to bastion/jump hosts, but those usually involve accessing one ssh host through another ssh host.

[amitu]

You are on the right track, this is bastion like setup, but without needing another ssh host. This is one layer on top of SSH, so all SSH security applies for ssh over kulfi, but you get extra benefits like not having to expose SSH port to public, or not having guessable identifier (the IP address).