When it not possible to reach a server you want to SSH to directly, you can make use of SSH’s built in capability to chain multiple commands. Suppose you have a network setup like in the image below.
Firewalls or ACL’s prevent direct access to the ‘web server’ in network #2. In between is a ‘jump host’ in network #1. A ‘jump host’ is a host you can SSH to, and from there reach the next hop. How to SSH to the web server?
You could do this manually:
ssh -l user jump-host
and then from that server:
ssh -l user webserver.dmz
But using the -t switch, you can chain them together like this:
ssh -A -t -l user jump-host \ ssh -A -t -l user webserver.dmz
The -A switch enables forwarding of the ssh-agent. When using key based authentication, you’ll be able to login with typing the certificate’s password only once.
Using this technique, you can also build a SSH tunnel through the jump host:
ssh -A -t -l user jump-host \ -L 8080:localhost:8080 \ ssh -A -t -l user webserver.dmz \ -L 8080:localhost:8080
When you type: http://localhost:8080 in a browser, you are connected over a secure tunnel to the web server in Network #2. Thanks to the chaining of commands, this is now possible.
You can use many chained commands, so this is very flexible.