All custom configuration goes to your ~/.ssh/config.
You want to use a bastion to proxify your SSH connexion? Here is my configuration:
ForwardAgent yes StrictHostKeyChecking no HashKnownHosts no PermitLocalCommand yes # don't proxify thoses hosts Host bastion* *.public.example.net ProxyCommand none # proxify the following Host *example.net admin ServerAliveInterval 1 ProxyCommand ssh bastion.example.net "/bin/bash -c 'exec 3<>/dev/tcp/%h/%p && exec 4>&1 && exec 5<&0 && cat <&3>&4 | cat <&5>&3'" Host admin Hostname admin.long.complex.hostname.example.net
Before i let netcat handle the brige, but i doesn't really like this tool as it tend to bug and it is not a standard package, i now use the pure bash 3 TCP redirection you could see on the previous block (your bash has to be compiled with the option); for history sake here is the way to do the gateway using netcat (it's also the most used way on the internet):
ProxyCommand ssh bastion.example.net nc -w 2 -q 0 %h %p