Jason Shaw via talk wrote:
> On Wed, Oct 10, 2018 at 3:06 PM Mike via talk <talk@gtalug.org> wrote:
> > That is, SSH to your other shell account, and instead of running your
> > email program, run "ssh user@eugene...", and once connected to eugene,
> > proceed as though you were connected directly.
>
> This is a great recommendation and can be easily automated.  In your
> personal ssh config, usually ~/.ssh/config you can add in:
>
> Host *.dreamhost.com
>         ProxyCommand ssh -q shellworld_host nc %h %p

Those suggestions are two very different things.  Mike is suggesting
SSH'ing to the shell on the intermediate box and then SSH'ing from it,
while Jason is suggesting to SSH the intermediate and then use it to
pipe an inner SSH connection through the outer SSH connection and emerge
there for the onward hop to the destination.

Caveat for the first solution: it involves using your credentials on the
intermediate box, so if anyone evil has compromised it they can now pop
the destination box too.

Caveat for the second solution: the SSH conversation still involves the
near-end client negotiating crypto with the far-end server, so if that
started off being the problem it's still that problem.  Also, the middle
box might not have nc (netcat) installed but there are other tactics
like LocalForward configuration that can do the same thing.

> > Such plumbing is often necessary for a variety of reasons.  Just make
> > sure you know where you are.  The commands "whoami", and "hostname"
> > are often useful!