SSH proxy_command

In the interest of network segregation, some environments require access to certain parts of the network to go via a gateway or “jump” host. The jump host acts as a choke point, forcing all SSH access to go through it, and so preventing direct access to systems on the other side of the choke point.

If you need to access a remote host via an SSH jump host, you can configure it automatically by adding the following to your ~/.ssh/config


This config also defines that password authentication is preferred over public key authentication for hosts in .restricted.area

Host *.restricted.area
PreferredAuthentications password,publickey
ProxyCommand  ssh jumphost.restricted.area nc %h %p 2> /dev/null

You can now run ssh somehost.restricted.area directly, and your connection will go via jumphost.restricted.area without having to first manually run ssh jumphost.restricted.area.