Why didn’t anyone tell me about transparent multi-hop SSH before?
We have production servers that are not directly accessible through the Internet with SSH. To access the server, you have to first log into a proxy host and from there you can ssh to the actual host. The production servers are not even in a domain that would be resolved through public DNS.
This is of course very secure and all, but makes it difficult to locally run scripts that access the production host. But, ProxyCommand to the rescue!
Let’s say our servers are located at something.foobar.mgmt and our proxy host is at proxy.example.com. Now, edit your ~/.ssh/config file and add this:
    Host *.foobar.mgmt
        ProxyCommand ssh -A proxy.example.com -W %h:%p
After adding these two lines, you can directly do ssh something.foobar.mgmt and SSH will transparently proxy your connection through the other host.
And if that’s not enough, scp and sftp will also work straight away using the same configuration.
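A variant of the configuration above with agent forwarding left off, as an added example that is not from the original post. With -W the proxy host only relays the TCP stream and authentication to the target still happens on your own machine, so -A is not needed, and leaving it out keeps your agent socket off the proxy. The host names are the ones used above; ProxyJump needs OpenSSH 7.3 or later.

```sshconfig
# Added example, not from the original post.
# Use ONE of the two options for *.foobar.mgmt. ProxyJump and ProxyCommand
# compete: whichever ssh reads first disables the other.

# Option 1 (OpenSSH 7.3+): ProxyJump sets up the same hop as "ssh -W".
Host *.foobar.mgmt
    ProxyJump proxy.example.com
    # Explicit "no" here wins over a later "Host *" block that enables
    # forwarding, because ssh uses the first value it obtains per option.
    ForwardAgent no

# Option 2 (older clients, OpenSSH 5.4+): the original line minus -A.
# Host *.foobar.mgmt
#     ProxyCommand ssh proxy.example.com -W %h:%p
#     ForwardAgent no

# The proxy itself: never hand it the agent either.
Host proxy.example.com
    ForwardAgent no
```

To check what ssh will actually do without opening a connection, run ssh -G something.foobar.mgmt (OpenSSH 6.8 or later) and look at the proxyjump, proxycommand and forwardagent lines in the output.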
Thanks, Ari!