SSH via Jump Server in One Step

Its common to use bastion/bounce/jump machine to access machines in a separate security zone.

I have been doing it in two steps so far:

  1. ssh into bastion-machine with agent authentication forwarding
ssh -A <user>@<bastion-machine>
  1. then from bastion-machine ssh to the secure-machine:
ssh <user>@<secure-machine>

Recently, I learned that this can be done in a single step:

ssh -J <user>@<bastion-machine> <user>@<secure-machine>

Additionally, its also possible to do port-forwarding through the secure-machine in a single step. For example to forward requests to 5433 port of your local machine to 5432 of Postgres instance that is accessible only from the secure-machine:

ssh -J <user>@<bastion-machine> -L 5433:<postgres-machine>:5432 <user>@<secure-machine>