Non listed stuff (its funny that the ssh "supertrick" comes up every week on HN, i guess i should copy past this post):
* the other advantage is "not forwarding the agent" which is more secure
* using control socket can be annoying because of the way it closes / is opened in certain conditions
* ssh -W saves a nc command
* the % hack does not work in all conditions, only for simple constructs
It would be nice to have this stuff just work native in SSH to avoid all the issues, and more reliable control socket release.
i've been using a script adding the entries to .ssh/config for many years and enable control socket manually when i know i want it, but all this is quite cumbersome, even if its still better and less annoying than ssh -A.
There is a hack that you can put in your ssh config file to be able to write ssh gateway%host and have it transparently perfom the hop. See http://news.ycombinator.com/item?id=3545370
I wrote a tool to do proxy based host chaining a last year. It has support for some more complicated things such as different usernames and/or ports per host. It will also autodetect whether ssh -W works ane fall back to remote netcat if not.
I use bash functions with ssh -t because, for some reason, on OSX, the ProxyCommand doesn't properly do pubkey authentication for me. Even when I explicitly set ForwardAgent or -A. :/
nice
I do this to access work machines from home. The only problem with the technique is that some organizations and malware detection software consider netcat to be a "hacking" tool and remove it. This is particularly common on Windows servers.
Newer OpenSSH has a netcat mode built-in http://blog.rootshell.be/2010/03/08/openssh-new-feature-netc...