Warning about SSH to root
Do not ssh from a customer environment to any C2 infrastructure directly as root. A compromise of that channel could compromise the BHIS C2 infrastructure. That would be bad.
Always use a non-privileged, isolated user as your SSH login when logging in from a customer environment.
You could set up a chroot jailed user.
You could set up a tunnel-only user with /bin/true as its shell so that it cannot log in to a shell.
David Fletcher has some scripts in https://github.com/aut0m8r/FunWithMacros that can help. Check the directpersistence directory.
Brad has another option that works well for Brad at C2 and Pivot.
Set a strong password on all of your ssh keys, too. (If you can clearly explain when and why you don’t need to do that, you may get a grudging pass. But imagine how you’ll feel if something is compromised using your password-less ssh keys…)
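One way to check that the login used from a customer environment really is a non-root, tunnel-only account, given here as an added example and not code from BHIS or the linked repository. The account name `pivot`, the function names, and both sample files are constructed for illustration, and the parser only handles a `Match User` block naming a single user.

```shell
# Added example. The account names and both sample files are constructed.
# check_account PASSWD USER: 0 if USER exists, is not UID 0, and its shell
# is non-interactive (true, false or nologin under /bin, /sbin, /usr/...).
check_account() {
    awk -F: -v u="$2" '
        $1 == u { found = 1
                  if ($3 == 0) bad = 1
                  if ($7 !~ /^(\/usr)?\/s?bin\/(true|false|nologin)$/) bad = 1 }
        END { exit !(found && !bad) }' "$1"
}

# match_setting CONFIG USER KEY: print the first value of KEY inside the
# "Match User USER" block (single user name only; no patterns or lists).
match_setting() {
    awk -v u="$2" -v k="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == u); next }
        inblk && !seen && tolower($1) == tolower(k) { print tolower($2); seen = 1 }' "$1"
}

# audit_tunnel_user PASSWD CONFIG USER: 0 only if every check passes.
audit_tunnel_user() {
    check_account "$1" "$3" ||
        { echo "FAIL $3: missing, UID 0, or has a login shell"; return 1; }
    for k in permittty x11forwarding allowagentforwarding; do
        [ "$(match_setting "$2" "$3" "$k")" = "no" ] ||
            { echo "FAIL $3: $k is not 'no' in its Match block"; return 1; }
    done
    echo "OK $3: unprivileged, no shell, no TTY or agent/X11 forwarding"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pivot:x:1501:1501:tunnel only:/home/pivot:/bin/true
operator:x:1502:1502::/home/operator:/bin/bash
EOF
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
PermitRootLogin no
Match User pivot
    AllowTcpForwarding yes
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
EOF
for u in pivot operator root; do
    audit_tunnel_user "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/sshd_config" "$u" || true
done
```

To audit a real host, point the function at `/etc/passwd` and `/etc/ssh/sshd_config` with the login name you actually use.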