SSH jump host

Jump hosts are an alternative to SSH tunneling for accessing internal machines through a gateway.

The idea is to use ProxyCommand to automatically execute the ssh command on the remote host, which jumps to the next host and forwards all traffic through it.

Prerequisites

 * SSH access to the gateway machine and the internal one.
 * Gateway machine has Netcat installed.

Dynamic jumphost list
You can use the -J option to jump through a host:

If usernames or ports on machines differ, specify them:

Multiple jumps
The same syntax can be used to make jumps over multiple machines:

Static jumphost list
A static jumphost list means that you know the jumphost or jumphosts you need to reach a host. You can therefore create a static jumphost 'routing' in file. The advantage over the dynamic jumphost option is that you don't have to provide the .ssh config on any of the jumphosts between your machine and the final host you want to jump to.

Setup
In more recent versions of OpenSSH, i.e. OpenSSH_7.3p1 and later, 'ProxyCommand' can be replaced with 'ProxyJump', making the above block slightly simpler if desired:

If both ProxyCommand and ProxyJump are set, whichever comes first in your SSH config file is honored.

Usage
If usernames on machines differ, specify them by modifying the corresponding ProxyCommand line:

It works with the scp command, too:

Multiple jumps
The same syntax can be used to make jumps over multiple machines:
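
Added example (not from the original page): a client-side SSH config covering the static setup, differing usernames and ports, and multiple jumps described above, with the ProxyCommand form beside the ProxyJump form. All host names, user names and ports are hypothetical.

```sshconfig
# Added example; every host name, user name and port below is hypothetical.

# First jump host, directly reachable from the client.
Host gw
    HostName gateway.example.org
    User alice
    Port 2222
    # The hop only relays the encrypted stream; authentication to the
    # target runs from the client, so the gateway does not need your agent.
    ForwardAgent no

# ProxyCommand form (for OpenSSH older than 7.3). "ssh -W" makes gw
# forward stdio to %h:%p, so Netcat is not required on the gateway.
Host internal-legacy
    HostName internal.example.lan
    User bob
    ProxyCommand ssh -W %h:%p gw

# ProxyJump form (OpenSSH 7.3 and later), same route as above.
# Command-line equivalent:
#   ssh -J alice@gateway.example.org:2222 bob@internal.example.lan
Host internal
    HostName internal.example.lan
    User bob
    ProxyJump gw

# Second hop, reachable only from gw.
Host gw2
    HostName gateway2.example.lan
    User alice

# Multiple jumps: hops are visited in the order listed, comma-separated.
# Command-line equivalent: ssh -J gw,gw2 deep
Host deep
    HostName deep.example.lan
    User carol
    ProxyJump gw,gw2

# Usage once the file is in place:
#   ssh internal
#   scp ./report.txt internal:/tmp/
#   ssh deep
```

Host keys for every hop and for the final target are checked on the client, against the client's own known_hosts file.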

Tips
To make connecting even easier:

 * Set these commands as shell aliases
 * To avoid typing passwords, use OpenSSH keys
