
Chaining login methods would not help if the outermost login method is backdoored with an RCE.


That is where hardened with SELinux comes in. The outermost login method's only capability beyond communication in the initial connection should be to open a tunnel to the next level, so any remote code execution could only execute the code to open the tunnel.

Building security in depth correctly is not simple. It takes work to construct layers so that one compromised layer does not cause whole system failure.



