Many networks have hosts which aren’t directly accessible via SSH, but have to be connected to via another host.  This can be a pain, especially when one wishes to use scp or sftp.

For a while now I’ve been using the following in my SSH .config file to allow me to SSH ‘directly’ to such hosts:

Host ultimate-destination-name
  ProxyCommand ssh -q intermediary-host nc %h %p $*
  HostName ultimate-destination-host

Where ‘ultimate-destination-name’ is the friendly name for the remote host – this probably shouldn’t be a hostname to avoid confusion, ‘intermediary-host’ is the Internet-accessible host to connect via, and ‘ultimate-destination-host’ is the local hostname/IP for the destination machine, ie what you’d type after ssh once logged into the intermediary host.
You’ll need netcat installed on the intermediary host for this to work.

Apart from the obvious advantage of being able to just type ’ssh foo’ to get straight to host foo, this method also allows you to use your local ssh keys without any sort of trust arrangement.

netcat, ssh, Tips