3

A Jump Host is a special-purpose computer on a network, typically used to manage devices in a separate DMZ. So, I'm looking for the proper way to implement this for a target running on Windows.

I was thinking about using a tunnel to a Cygwin SSHD on the target host via some SSH client like PuTTY.

What is the best practice for that? Does Microsoft provide a solution?

mate64
  • 1
    Great article here: http://blog.industrialdefender.com/?p=612 but really it's up to you and your level of security required. Most places don't even mess with a Jump Host, but that article does provide great insight...hope it helps (although not an answer to your question) – TheCleaner Apr 25 '13 at 14:03

2 Answers

5

Yes, Microsoft does provide at least one solution. It's Remote Desktop Services. Specifically, the RD Gateway component. Technically, RD Gateway is an RPC over HTTP proxy which utilizes SSL to provide users with RDP connections to remote computers or RD session hosts over port 443.

You ---[Port 443] ---> RD Gateway ---[Port 3389]---> Remote Host

But you mention Cygwin and SSH so your needs might dictate that you use something more Unixy.

Ryan Ries
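
The flow in the answer above only works as a jump host if port 3389 on the remote host cannot be reached except through the gateway. The following is an added example, not part of the original answer, that scopes the Windows Firewall Remote Desktop rules on the remote host to the gateway; the gateway address is a placeholder and the English rule group name 'Remote Desktop' is an assumption.

```powershell
# Run in an elevated session on the remote host (the RDP target behind the gateway).
# Placeholder address from a documentation range; replace with the RD Gateway's internal IP.
$GatewayAddress = '192.0.2.10'

# Restrict the built-in inbound Remote Desktop rules so only the gateway may connect.
# Assumption: English OS, where the rule group is displayed as 'Remote Desktop'.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -RemoteAddress $GatewayAddress

# Any other enabled inbound allow rule covering TCP 3389 would bypass that scoping.
# List every such rule with its remote address scope so that none is left at 'Any'.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }

# Check from a machine that is NOT the gateway (host name is a placeholder):
#   Test-NetConnection -ComputerName remote-host.example -Port 3389
# TcpTestSucceeded should be False there and True when run from the gateway.
```

The scoping only takes effect if Windows Firewall is enabled for the network profile the remote host is actually using.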
2

Remote Desktop Gateway is probably as close as you'll come to an official Microsoft solution.

Something along these lines:

                                                      +------------+
               +                 +        +----------->            |
               |                 |        |           |            |
               |                 |        |           | Server     |
 +-----------+ | +-------------+ | +------+------+    |            |
 |           | | |             | | |             |    +------------+
 |           | | |             | | |             |
 | Internet  +---->RDS Gateway +---->RDS Session |    +------------+
 |           | | |             | | |     Host    +--->|            |
 |           | | |             | | |             |    |            |
 +-----------+ | +-------------+ | +-------+-----+    | Server     |
               |                 |         |          |            |
               |       DMZ       |         |          +------------+
               |                 |         |
               +                 +         |          +------------+
                                           |          |            |
                                           +---------->            |
                                                      | Server     |
                                                      |            |
                                                      +------------+
Dan