redteaminfra / redteam-infra


socks proxy backflip logs into host and we don't log it sensibly #83

Open willk opened 8 months ago

willk commented 8 months ago

The SOCKS proxy service unit has no logging other than the systemd journal. For each one, the login can be found in the journal:

$ sudo journalctl -f -u backflip-4009-5013.service
-- Logs begin at Tue 2022-01-04 21:44:43 UTC. --
May 24 18:11:25 proxy01-rb01dev autossh[3543]: ssh: connect to host localhost port 4009: Connection refused
May 24 18:11:25 proxy01-rb01dev autossh[3543]: ssh exited with error status 255; restarting ssh
May 24 18:11:27 proxy01-rb01dev autossh[3543]: starting ssh (count 8)
May 24 18:11:27 proxy01-rb01dev autossh[3543]: ssh child pid is 8378
May 24 18:11:27 proxy01-rb01dev autossh[3543]: ssh: connect to host localhost port 4009: Connection refused
May 24 18:11:27 proxy01-rb01dev autossh[3543]: ssh exited with error status 255; restarting ssh
May 24 18:11:35 proxy01-rb01dev autossh[3543]: starting ssh (count 9)
May 24 18:11:35 proxy01-rb01dev autossh[3543]: ssh child pid is 8404
May 24 18:11:35 proxy01-rb01dev autossh[3543]: ssh: connect to host localhost port 4009: Connection refused
May 24 18:11:35 proxy01-rb01dev autossh[3543]: ssh exited with error status 255; restarting ssh
May 24 18:11:53 proxy01-rb01dev autossh[3543]: starting ssh (count 10)
May 24 18:11:53 proxy01-rb01dev autossh[3543]: ssh child pid is 8449
May 24 18:11:53 proxy01-rb01dev autossh[3543]: Warning: Permanently added '[localhost]:4009' (ECDSA) to the list of known hosts. 

Lines with "Warning: Permanently added '[localhost]:4009' (ECDSA) to the list of known hosts." are actually authentications and logins to the victim. This can happen several times as networks transition and tunnels are torn down and restarted. Also note that each proxy has its own systemd service. This means that grepping through several journal logs is required to find all logins.

This is suboptimal.
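As an added example (not code from the redteam-infra project or from this issue), the following Python script does the "grep through several journal logs" step described above in one pass and produces a single consolidated login list. It assumes the journal is pulled with `journalctl -o json` rather than the default short output shown in the issue, because the short output does not carry the unit name while the JSON output carries it in `_SYSTEMD_UNIT`. The sample entries are constructed to mirror the lines in the issue. The port-versus-unit cross-check assumes that the `backflip-<port>-<port>` naming seen in `backflip-4009-5013.service` is the general convention, which the issue does not state.

```python
#!/usr/bin/env python3
"""Consolidate backflip SOCKS proxy logins from journald JSON output.

Added example for the issue above; not part of the redteam-infra project.
Usage:  journalctl -o json -u 'backflip-*' | python3 backflip_logins.py
"""
import json
import re
import sys
from datetime import datetime, timezone

# The ssh "known hosts" warning that the issue identifies as the actual
# login event. Captures the target host, port and host-key algorithm.
LOGIN_RE = re.compile(
    r"Permanently added '\[(?P<host>[^\]]+)\]:(?P<port>\d+)' "
    r"\((?P<keytype>[A-Z0-9-]+)\)"
)

# Assumed naming convention (from the single unit name in the issue):
# backflip-<local ssh port>-<something>.service
UNIT_PORT_RE = re.compile(r"^backflip-(?P<port>\d+)-")

# Constructed sample in the shape `journalctl -o json` emits (one JSON
# object per line). Timestamps are microseconds since the epoch, UTC.
SAMPLE_ENTRIES = [
    {"__REALTIME_TIMESTAMP": "1653415913000000", "_HOSTNAME": "proxy01-rb01dev",
     "_SYSTEMD_UNIT": "backflip-4009-5013.service", "SYSLOG_IDENTIFIER": "autossh",
     "_PID": "3543",
     "MESSAGE": "Warning: Permanently added '[localhost]:4009' (ECDSA) to the list of known hosts."},
    {"__REALTIME_TIMESTAMP": "1653416401000000", "_HOSTNAME": "proxy01-rb01dev",
     "_SYSTEMD_UNIT": "backflip-4010-5014.service", "SYSLOG_IDENTIFIER": "autossh",
     "_PID": "3601",
     "MESSAGE": "Warning: Permanently added '[localhost]:4010' (ED25519) to the list of known hosts."},
    {"__REALTIME_TIMESTAMP": "1653418930000000", "_HOSTNAME": "proxy01-rb01dev",
     "_SYSTEMD_UNIT": "backflip-4009-5013.service", "SYSLOG_IDENTIFIER": "autossh",
     "_PID": "3543",
     "MESSAGE": "ssh exited with error status 255; restarting ssh"},
    {"__REALTIME_TIMESTAMP": "1653418932000000", "_HOSTNAME": "proxy01-rb01dev",
     "_SYSTEMD_UNIT": "backflip-4009-5013.service", "SYSLOG_IDENTIFIER": "autossh",
     "_PID": "3543",
     "MESSAGE": "Warning: Permanently added '[localhost]:4009' (ECDSA) to the list of known hosts."},
]
SAMPLE_JOURNAL_JSON = "\n".join(json.dumps(e) for e in SAMPLE_ENTRIES) + "\n"


def parse_journal_json(text):
    """Parse `journalctl -o json` output into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def extract_logins(entries):
    """Return one record per login event across all units, oldest first."""
    logins = []
    for e in entries:
        m = LOGIN_RE.search(e.get("MESSAGE", ""))
        if not m:
            continue
        us = int(e["__REALTIME_TIMESTAMP"])
        ts = datetime.fromtimestamp(us // 1_000_000, tz=timezone.utc)
        ts = ts.replace(microsecond=us % 1_000_000)
        logins.append({
            "time": ts,
            "host_proxy": e.get("_HOSTNAME", "?"),
            "unit": e.get("_SYSTEMD_UNIT", "?"),
            "pid": e.get("_PID"),
            "host": m.group("host"),
            "port": int(m.group("port")),
            "keytype": m.group("keytype"),
        })
    logins.sort(key=lambda r: r["time"])
    return logins


def count_by_unit(logins):
    """Number of login events per systemd unit."""
    counts = {}
    for r in logins:
        counts[r["unit"]] = counts.get(r["unit"], 0) + 1
    return counts


def unit_port(unit):
    """Port encoded in the unit name under the assumed convention, or None."""
    m = UNIT_PORT_RE.match(unit)
    return int(m.group("port")) if m else None


def login_matches_unit(rec):
    """True when the port ssh connected to equals the one in the unit name."""
    return unit_port(rec["unit"]) == rec["port"]


if __name__ == "__main__":
    # Read real journal output from stdin when piped; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL_JSON
    logins = extract_logins(parse_journal_json(text))
    for r in logins:
        flag = "" if login_matches_unit(r) else "  [port/unit mismatch]"
        print(f"{r['time'].isoformat()} {r['unit']} pid={r['pid']} "
              f"{r['host']}:{r['port']} ({r['keytype']}){flag}")
    print("per unit:", count_by_unit(logins))
```

Two caveats when relying on this line as the login record: ssh prints "Permanently added" only when it adds a host key that is not already in the known_hosts file in use, so if known_hosts persists across restarts the count is a lower bound; and the line records that the connection and host-key step completed, not the success of the authentication that follows, so pair it with the sshd side's logs where those are available.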